

Unknown virus that causes unwanted redirection from search engines to spam sites, and keeps Internet Explorer from opening


This topic is locked
38 replies to this topic

#1 prvtdncr36

Posted 03 June 2009 - 01:29 PM

I very foolishly tried to download an "update" for a video player that ended up infecting my computer. When I search on yahoo and click on the search results, I get redirected to unrelated sites trying to sell me something. I am using Safari for Windows as a web browser, but occasionally use Internet Explorer when I have to. Internet Explorer won't open at all. I have downloaded SpyBot Search and Destroy, which took out a few trojans and some worms (around 230 total), but the problem remains. I am afraid to login to many of my online accounts fearing that someone will steal my passwords. I have also had issues with the computer going to a blue screen, and initializing a crash dump before restarting my computer. I also downloaded Hijackthis but it wouldn't run the program until I renamed it to something else, then it ran the program just fine.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Richard at 14:11:32.17 on Wed 06/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1982.1104 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\lxbkcoms.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Users\Richard\Documents\Yakko.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Safari\Safari.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Richard\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070730
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070730
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7370F91F-6994-4595-9949-601FA2261C8D} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [cdloader] "c:\users\richard\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-3 130936]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-2-25 13088]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-3 348752]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-30 29744]
S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;c:\windows\system32\drivers\usb8023.sys [2006-11-2 14848]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-7-30 129832]

=============== Created Last 30 ================

2009-06-03 13:42 <DIR> --d----- c:\program files\Trend Micro
2009-06-03 13:40 <DIR> --d-h--- c:\windows\PIF
2009-06-03 01:46 179,704 a---h--- c:\windows\system32\mlfcache.dat
2009-06-03 01:11 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-03 01:11 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-03 01:11 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-03 01:11 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-03 01:11 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-03 01:11 <DIR> --d----- c:\users\richard\appdata\roaming\PC Tools
2009-06-03 01:11 <DIR> --d----- c:\programdata\PC Tools
2009-06-03 01:11 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-03 01:11 <DIR> --d----- c:\progra~2\PC Tools
2009-06-03 01:03 169,192,510 a------- c:\windows\MEMORY.DMP
2009-06-03 00:56 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-03 00:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-03 00:56 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-05-21 14:02 56,597 a------- c:\programdata\nvModes.dat
2009-05-21 14:02 56,597 a------- c:\progra~2\nvModes.dat
2009-05-21 13:17 <DIR> --d----- C:\NVIDIA
2009-05-21 13:13 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-05-09 03:01 268,800 a------- c:\windows\system32\es.dll
2009-05-08 01:34 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-08 01:34 272,896 a------- c:\windows\system32\polstore.dll
2009-05-08 01:34 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-08 01:34 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-08 01:30 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-05-08 01:30 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-05-08 01:30 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-08 01:28 39,424 a------- c:\windows\system32\ACCTRES.dll
2009-05-08 01:28 205,824 a------- c:\windows\system32\msoeacct.dll
2009-05-08 01:28 87,040 a------- c:\windows\system32\msoert2.dll
2009-05-08 01:24 194,560 a------- c:\windows\system32\WebClnt.dll
2009-05-08 01:24 110,080 a------- c:\windows\system32\drivers\mrxdav.sys
2009-05-08 01:18 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-08 01:14 297,472 a------- c:\windows\system32\gdi32.dll
2009-05-08 01:12 1,060,920 a------- c:\windows\system32\drivers\ntfs.sys
2009-05-08 01:12 41,984 a------- c:\windows\system32\drivers\monitor.sys
2009-05-08 01:10 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-08 01:08 500,736 a------- c:\windows\system32\msdtcprx.dll
2009-05-08 01:08 30,208 a------- c:\windows\system32\xolehlp.dll
2009-05-08 01:02 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-08 01:02 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-08 01:02 1,687,040 a------- c:\windows\system32\gameux.dll
2009-05-08 00:59 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-08 00:57 1,194,496 a------- c:\windows\system32\msxml3.dll
2009-05-08 00:57 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-08 00:55 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2009-05-08 00:54 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-05-08 00:54 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-05-08 00:54 86,016 a------- c:\windows\system32\icfupgd.dll
2009-05-08 00:54 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
2009-05-08 00:54 16,896 a------- c:\windows\system32\wfapigp.dll
2009-05-08 00:53 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-05-08 00:53 61,952 a------- c:\windows\system32\cmifw.dll
2009-05-08 00:53 23,040 a------- c:\windows\system32\drivers\tunnel.sys
2009-05-08 00:53 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
2009-05-08 00:49 2,048 a------- c:\windows\system32\tzres.dll
2009-05-08 00:45 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-05-08 00:45 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-08 00:45 4,096 a------- c:\windows\system32\msdxm.ocx
2009-05-08 00:45 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-08 00:33 110,136 a------- c:\windows\system32\drivers\ataport.sys
2009-05-08 00:33 45,112 a------- c:\windows\system32\drivers\pciidex.sys
2009-05-08 00:33 21,560 a------- c:\windows\system32\drivers\atapi.sys
2009-05-08 00:33 15,928 a------- c:\windows\system32\drivers\pciide.sys
2009-05-08 00:33 211,000 a------- c:\windows\system32\drivers\volsnap.sys
2009-05-08 00:33 154,624 a------- c:\windows\system32\drivers\nwifi.sys
2009-05-08 00:29 2,923,520 a------- c:\windows\explorer.exe
2009-05-08 00:20 216,632 a------- c:\windows\system32\drivers\netio.sys
2009-05-08 00:20 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-05-08 00:20 24,064 a------- c:\windows\system32\netcfg.exe
2009-05-08 00:20 803,328 a------- c:\windows\system32\drivers\tcpip.sys
2009-05-08 00:20 22,016 a------- c:\windows\system32\netiougc.exe
2009-05-08 00:10 1,585,664 a------- c:\windows\system32\setupapi.dll
2009-05-08 00:08 595,456 a------- c:\windows\system32\schedsvc.dll
2009-05-08 00:08 495,160 a------- c:\windows\system32\drivers\Wdf01000.sys
2009-05-08 00:08 35,384 a------- c:\windows\system32\drivers\WdfLdr.sys
2009-05-08 00:08 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-05-08 00:08 35,328 a------- c:\windows\system32\dispci.dll
2009-05-08 00:08 12,800 a------- c:\windows\system32\batt.dll
2009-05-08 00:08 34,360 a------- c:\windows\system32\drivers\mouclass.sys
2009-05-08 00:08 19,968 a------- c:\windows\system32\drivers\sermouse.sys
2009-05-08 00:08 15,872 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-08 00:08 54,784 a------- c:\windows\system32\drivers\i8042prt.sys
2009-05-08 00:08 35,384 a------- c:\windows\system32\drivers\kbdclass.sys
2009-05-08 00:08 15,872 a------- c:\windows\system32\drivers\kbdhid.sys
2009-05-07 23:42 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-05-07 23:42 2,048 a------- c:\windows\system32\asferror.dll
2009-05-07 23:42 223,232 a------- c:\windows\system32\WMASF.DLL
2009-05-07 23:36 72,704 a------- c:\windows\system32\secur32.dll
2009-05-07 23:36 7,680 a------- c:\windows\system32\lsass.exe
2009-05-07 23:36 1,233,408 a------- c:\windows\system32\lsasrv.dll
2009-05-07 23:35 25,600 a------- c:\windows\system32\amxread.dll
2009-05-07 23:35 14,848 a------- c:\windows\system32\apilogen.dll
2009-05-07 23:30 223,232 a------- c:\windows\system32\SLC.dll
2009-05-07 23:30 268,288 a------- c:\windows\system32\mcbuilder.exe
2009-05-07 23:30 33,280 a------- c:\windows\system32\slwmi.dll
2009-05-07 23:30 566,784 a------- c:\windows\system32\SLCommDlg.dll
2009-05-07 23:30 351,232 a------- c:\windows\system32\SLUI.exe
2009-05-07 23:30 186,368 a------- c:\windows\system32\SLLUA.exe
2009-05-07 23:30 57,856 a------- c:\windows\system32\SLUINotify.dll
2009-05-07 23:30 2,605,568 a------- c:\windows\system32\SLsvc.exe
2009-05-07 23:30 39,936 a------- c:\windows\system32\slcinst.dll
2009-05-07 23:24 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-05-07 23:24 712,192 a------- c:\windows\system32\WindowsCodecs.dll
2009-05-07 23:24 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-05-07 23:09 37,376 a------- c:\windows\system32\printcom.dll
2009-05-07 23:09 441,856 a------- c:\windows\system32\win32spl.dll
2009-05-07 23:01 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-05-07 23:01 14,848 a------- c:\windows\system32\wshrm.dll
2009-05-07 22:54 11,776 a------- c:\windows\system32\sbunattend.exe
2009-05-07 22:39 290,304 a------- c:\windows\system32\drivers\srv.sys
2009-05-07 22:37 83,968 a------- c:\windows\system32\dnsrslvr.dll
2009-05-07 22:37 24,576 a------- c:\windows\system32\dnscacheugc.exe
2009-05-07 22:35 53,760 a------- c:\windows\system32\drivers\hdaudbus.sys
2009-05-07 22:32 269,824 a------- c:\windows\system32\schannel.dll
2009-05-07 22:22 622,080 a------- c:\windows\system32\icardagt.exe
2009-05-07 22:22 97,800 a------- c:\windows\system32\infocardapi.dll
2009-05-07 22:22 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-05-07 22:22 11,264 a------- c:\windows\system32\icardres.dll
2009-05-07 22:22 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-07 22:22 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-05-07 22:22 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-05-07 22:22 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-05-07 21:54 131,072 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-05-07 21:54 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-05-07 21:54 15,794,176 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-05-07 21:48 96,760 a------- c:\windows\system32\dfshim.dll
2009-05-07 21:48 41,984 a------- c:\windows\system32\netfxperf.dll
2009-05-07 21:48 282,112 a------- c:\windows\system32\mscoree.dll
2009-05-07 21:48 158,720 a------- c:\windows\system32\mscorier.dll
2009-05-07 21:48 83,968 a------- c:\windows\system32\mscories.dll
2009-05-07 21:18 2,855,424 a------- c:\windows\system32\mf.dll
2009-05-07 21:18 98,816 a------- c:\windows\system32\mfps.dll
2009-05-07 21:18 52,736 a------- c:\windows\system32\rrinstaller.exe
2009-05-07 21:18 24,576 a------- c:\windows\system32\mfpmp.exe
2009-05-07 21:18 2,048 a------- c:\windows\system32\mferror.dll
2009-05-07 21:18 94,720 a------- c:\windows\system32\logagent.exe
2009-05-07 21:18 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-05-07 21:17 101,888 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-05-07 21:17 84,992 a------- c:\windows\system32\drivers\srvnet.sys
2009-05-07 21:17 58,368 a------- c:\windows\system32\drivers\mrxsmb20.sys
2009-05-07 21:17 130,048 a------- c:\windows\system32\drivers\srv2.sys
2009-05-07 21:17 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-05-07 21:16 737,792 a------- c:\windows\system32\inetcomm.dll
2009-05-07 21:16 84,480 a------- c:\windows\system32\INETRES.dll
2009-05-07 21:15 1,645,568 a------- c:\windows\system32\connect.dll
2009-05-07 21:14 12,800 a------- c:\windows\system32\drivers\fs_rec.sys
2009-05-07 21:14 5,120 a------- c:\windows\system32\wmi.dll
2009-05-07 21:14 152,576 a------- c:\windows\system32\imagehlp.dll
2009-05-07 21:13 1,327,104 a------- c:\windows\system32\quartz.dll
2009-05-07 21:12 2,028,032 a------- c:\windows\system32\win32k.sys
2009-05-07 21:06 1,341,440 a------- c:\windows\system32\msxml6.dll
2009-05-07 21:06 2,048 a------- c:\windows\system32\msxml6r.dll
2009-05-07 21:00 750,080 a------- c:\windows\system32\qmgr.dll
2009-05-07 17:15 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-05-07 17:14 83,456 a------- c:\windows\system32\wudriver.dll
2009-05-07 17:13 162,064 a------- c:\windows\system32\wuwebv.dll
2009-05-07 17:13 31,232 a------- c:\windows\system32\wuapp.exe
2009-05-07 16:23 65 a------- c:\windows\FISHUI.INI

==================== Find3M ====================

2009-05-22 03:01 51,200 a------- c:\windows\inf\infpub.dat
2009-05-22 03:01 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-21 13:18 86,016 a------- c:\windows\inf\infstor.dat
2009-05-08 03:03 174 a--sh--- c:\program files\desktop.ini
2009-05-08 02:45 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-08 01:26 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2009-05-08 01:26 356,352 a------- c:\windows\system32\wbem\wbemcomn.dll
2009-05-08 01:26 24,064 a------- c:\windows\system32\wtsapi32.dll
2009-05-08 01:26 258,232 a------- c:\windows\system32\drivers\acpi.sys
2009-05-08 01:26 542,720 a------- c:\windows\system32\sysmain.dll
2009-05-08 01:26 502,784 a------- c:\windows\system32\wlansvc.dll
2009-05-08 01:26 297,984 a------- c:\windows\system32\wlansec.dll
2009-05-08 01:26 290,816 a------- c:\windows\system32\wlanmsm.dll
2009-05-08 01:26 67,584 a------- c:\windows\system32\wlanhlp.dll
2009-05-08 01:26 47,104 a------- c:\windows\system32\wlanapi.dll
2009-05-08 01:02 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-08 01:02 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2009-05-08 01:02 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-05-08 01:02 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-08 01:02 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-08 00:09 371,712 a------- c:\windows\system32\srcore.dll
2009-05-07 23:59 549,888 a------- c:\windows\system32\rpcss.dll
2009-05-07 23:59 3,503,584 a------- c:\windows\system32\ntkrnlpa.exe
2009-05-07 23:59 3,469,280 a------- c:\windows\system32\ntoskrnl.exe
2009-05-07 23:59 654,336 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-05-07 23:59 24,576 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-05-07 23:59 247,296 a------- c:\windows\system32\wbem\WmiPrvSE.exe
2009-05-07 23:59 130,560 a------- c:\windows\system32\wbem\WmiDcPrv.dll
2009-05-07 23:59 501,760 a------- c:\windows\system32\wbem\WmiPrvSD.dll
2009-05-07 23:59 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-05-07 23:59 53,248 a------- c:\windows\system32\iasads.dll
2009-05-07 23:59 37,888 a------- c:\windows\system32\iasdatastore.dll
2009-05-07 23:59 158,720 a------- c:\windows\system32\sdohlp.dll
2009-05-07 23:59 97,280 a------- c:\windows\system32\iasrecst.dll
2009-05-07 23:35 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-05-07 21:04 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-05-01 00:08 1,194,528 a------- c:\windows\system32\nvcplui.exe
2009-05-01 00:08 1,292,832 a------- c:\windows\system32\nvsvs.dll
2009-05-01 00:07 143,360 a------- c:\windows\system32\nvshext.dll
2009-04-30 22:02 1,704,960 a------- c:\windows\system32\nvcuda.dll
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 663,552 a------- c:\windows\system32\nvcuvid.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod146.dll
2009-04-30 22:02 4,224 a------- c:\windows\system32\drivers\nvBridge.kmd
2009-04-27 00:42 457,248 a------- c:\windows\system32\nvuninst.exe
2009-03-20 13:09 152,904 a------- c:\windows\system32\vghd.scr
2009-03-08 07:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 07:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 07:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 07:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 07:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 07:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 07:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 07:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 07:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 07:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 07:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 07:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 07:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 07:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 07:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 07:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 07:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2007-09-02 20:00 328 a------- c:\users\richard\appdata\roaming\wklnhst.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-11-19 15:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-19 15:51 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-19 15:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-03 14:13 262,144 a--sh--- c:\windows\serviceprofiles\networkservice\NTUSER.DAT
2007-09-21 14:37 80 a--shr-- c:\windows\system32\8556520F18.dll
2007-07-30 16:21 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:14:09.56 ===============
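A first-pass triage of a DDS log like the one above usually means picking out the few lines that deserve a closer look: processes running from a user profile rather than Windows or Program Files, BHO/toolbar registrations whose DLL is gone ("No File"), autoruns launched from AppData, and a populated AppInit_DLLs line. The script below is an added example written for this thread, not part of DDS or anything posted by the thread's participants; it runs over a constructed sample assembled from a handful of lines in the log above, and the "trusted root" directory list and severity labels are assumptions chosen for illustration.

```python
"""Flag lines in a DDS-style log that an analyst would want to look at first."""
import re
from typing import Iterator

# Constructed sample: a few lines modelled on the log above, not the full log.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Users\Richard\Documents\Yakko.exe
C:\Users\Richard\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7370F91F-6994-4595-9949-601FA2261C8D} - No File
BHO: 1 (0x1) - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [cdloader] "c:\users\richard\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
ADDON_RE = re.compile(r"^(?P<kind>BHO|TB): (?P<body>.*)$")

# Assumed: directories where OS binaries and installed products are expected to live.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "c:\\progra~2\\")


def _first_path(cmd: str) -> str:
    """Pull the executable path out of a Run value ("quoted path" args, or path args)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def _in_trusted_root(path: str) -> bool:
    normalized = path.lower().replace("/", "\\")
    return normalized.startswith(TRUSTED_ROOTS)


def iter_sections(text: str) -> Iterator[tuple[str, str]]:
    """Yield (section_name, line) for every non-empty line under a '=== name ===' header."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        yield section, line


def triage(text: str) -> list[tuple[str, str, str]]:
    """Return (severity, reason, line) findings for the DDS-style text."""
    findings = []
    for section, line in iter_sections(text):
        if section == "Running Processes":
            # Anything executing from a user profile or other odd location gets a look.
            if not _in_trusted_root(line):
                findings.append(("medium", "process running outside Windows/Program Files", line))
            continue
        if section != "Pseudo HJT Report":
            continue
        addon = ADDON_RE.match(line)
        if addon and addon.group("body").endswith("- No File"):
            findings.append(("low", f"orphaned {addon.group('kind')} registration (DLL missing)", line))
            continue
        run = RUN_RE.match(line)
        if run:
            if not _in_trusted_root(_first_path(run.group("cmd"))):
                findings.append(("medium", "autorun from user-writable location", line))
            continue
        # AppInit_DLLs is loaded into every process that links user32.dll; a value here is always worth checking.
        if line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(("high", "AppInit_DLLs set: DLL injected into GUI processes", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_DDS):
        print(f"[{severity:6}] {reason}: {line}")
```

Flagged lines are leads, not verdicts: dds.scr is the scan tool itself and the Google AppInit entry is a known product component, which is exactly the judgement a helper applies when reading the full log.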



#2 Tokek

Posted 14 June 2009 - 02:25 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
If I have not replied back to your post in 3 days, please send me a PM.


#3 prvtdncr36 (Topic Starter)

Posted 14 June 2009 - 10:26 PM

Here is the new log. Thank you very much for your help!


DDS (Ver_09-05-14.01) - NTFSx86
Run by Richard at 23:20:04.27 on Sun 06/14/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1982.829 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\lxbkcoms.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Richard\AppData\Roaming\mjusbsp\magicJack.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Safari\Safari.exe
C:\Users\Richard\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070730
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070730
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7370F91F-6994-4595-9949-601FA2261C8D} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [cdloader] "c:\users\richard\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-3 130936]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-2-25 13088]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-3 348752]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-30 29744]
S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;c:\windows\system32\drivers\usb8023.sys [2006-11-2 14848]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-7-30 129832]

=============== Created Last 30 ================

2009-06-11 02:00 2,028,032 a------- c:\windows\system32\win32k.sys
2009-06-11 02:00 696,832 a------- c:\windows\system32\localspl.dll
2009-06-08 12:15 819,200 a------- c:\windows\system32\xvidcore.dll
2009-06-08 12:15 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-06-08 12:15 77,824 a------- c:\windows\system32\xvid.ax
2009-06-08 12:15 <DIR> --d----- c:\program files\Xvid
2009-06-04 11:03 <DIR> --d----- c:\program files\iPod
2009-06-04 11:03 <DIR> --d----- c:\program files\iTunes
2009-06-03 13:42 <DIR> --d----- c:\program files\Trend Micro
2009-06-03 13:40 <DIR> --d-h--- c:\windows\PIF
2009-06-03 01:46 179,704 a---h--- c:\windows\system32\mlfcache.dat
2009-06-03 01:11 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-03 01:11 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-03 01:11 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-03 01:11 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-03 01:11 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-03 01:11 <DIR> --d----- c:\users\richard\appdata\roaming\PC Tools
2009-06-03 01:11 <DIR> --d----- c:\programdata\PC Tools
2009-06-03 01:11 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-03 01:11 <DIR> --d----- c:\progra~2\PC Tools
2009-06-03 01:03 169,192,510 a------- c:\windows\MEMORY.DMP
2009-06-03 00:56 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-03 00:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-03 00:56 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-21 14:02 56,597 a------- c:\programdata\nvModes.dat
2009-05-21 14:02 56,597 a------- c:\progra~2\nvModes.dat
2009-05-21 13:17 <DIR> --d----- C:\NVIDIA
2009-05-21 13:13 <DIR> --d----- c:\program files\SystemRequirementsLab

==================== Find3M ====================

2009-06-04 10:54 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-04 10:54 86,016 a------- c:\windows\inf\infstor.dat
2009-06-04 10:54 51,200 a------- c:\windows\inf\infpub.dat
2009-05-09 03:01 268,800 a------- c:\windows\system32\es.dll
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-08 03:03 174 a--sh--- c:\program files\desktop.ini
2009-05-08 02:45 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-08 01:34 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-08 01:34 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-08 01:34 272,896 a------- c:\windows\system32\polstore.dll
2009-05-08 01:34 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-08 01:30 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-05-08 01:30 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-05-08 01:30 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-08 01:28 39,424 a------- c:\windows\system32\ACCTRES.dll
2009-05-08 01:28 205,824 a------- c:\windows\system32\msoeacct.dll
2009-05-08 01:28 87,040 a------- c:\windows\system32\msoert2.dll
2009-05-08 01:26 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2009-05-08 01:26 356,352 a------- c:\windows\system32\wbem\wbemcomn.dll
2009-05-08 01:26 24,064 a------- c:\windows\system32\wtsapi32.dll
2009-05-08 01:26 258,232 a------- c:\windows\system32\drivers\acpi.sys
2009-05-08 01:26 542,720 a------- c:\windows\system32\sysmain.dll
2009-05-08 01:26 502,784 a------- c:\windows\system32\wlansvc.dll
2009-05-08 01:26 297,984 a------- c:\windows\system32\wlansec.dll
2009-05-08 01:26 290,816 a------- c:\windows\system32\wlanmsm.dll
2009-05-08 01:26 67,584 a------- c:\windows\system32\wlanhlp.dll
2009-05-08 01:26 47,104 a------- c:\windows\system32\wlanapi.dll
2009-05-08 01:24 194,560 a------- c:\windows\system32\WebClnt.dll
2009-05-08 01:24 110,080 a------- c:\windows\system32\drivers\mrxdav.sys
2009-05-08 01:18 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-08 01:14 297,472 a------- c:\windows\system32\gdi32.dll
2009-05-08 01:12 1,060,920 a------- c:\windows\system32\drivers\ntfs.sys
2009-05-08 01:12 41,984 a------- c:\windows\system32\drivers\monitor.sys
2009-05-08 01:10 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-08 01:08 500,736 a------- c:\windows\system32\msdtcprx.dll
2009-05-08 01:08 30,208 a------- c:\windows\system32\xolehlp.dll
2009-05-08 01:02 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-08 01:02 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-08 01:02 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2009-05-08 01:02 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-05-08 01:02 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-08 01:02 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-08 01:02 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-08 01:02 1,687,040 a------- c:\windows\system32\gameux.dll
2009-05-08 00:59 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-08 00:57 1,194,496 a------- c:\windows\system32\msxml3.dll
2009-05-08 00:57 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-08 00:55 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2009-05-08 00:54 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-05-08 00:54 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-05-08 00:54 86,016 a------- c:\windows\system32\icfupgd.dll
2009-05-08 00:54 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
2009-05-08 00:54 16,896 a------- c:\windows\system32\wfapigp.dll
2009-05-08 00:53 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-05-08 00:53 61,952 a------- c:\windows\system32\cmifw.dll
2009-05-08 00:53 23,040 a------- c:\windows\system32\drivers\tunnel.sys
2009-05-08 00:53 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
2009-05-08 00:49 2,048 a------- c:\windows\system32\tzres.dll
2009-05-08 00:45 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-05-08 00:45 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-08 00:45 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-08 00:33 110,136 a------- c:\windows\system32\drivers\ataport.sys
2009-05-08 00:33 45,112 a------- c:\windows\system32\drivers\pciidex.sys
2009-05-08 00:33 21,560 a------- c:\windows\system32\drivers\atapi.sys
2009-05-08 00:33 15,928 a------- c:\windows\system32\drivers\pciide.sys
2009-05-08 00:33 211,000 a------- c:\windows\system32\drivers\volsnap.sys
2009-05-08 00:33 154,624 a------- c:\windows\system32\drivers\nwifi.sys
2009-05-08 00:29 2,923,520 a------- c:\windows\explorer.exe
2009-05-08 00:20 216,632 a------- c:\windows\system32\drivers\netio.sys
2009-05-08 00:20 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-05-08 00:20 24,064 a------- c:\windows\system32\netcfg.exe
2009-05-08 00:20 22,016 a------- c:\windows\system32\netiougc.exe
2009-05-08 00:20 803,328 a------- c:\windows\system32\drivers\tcpip.sys
2009-05-08 00:10 1,585,664 a------- c:\windows\system32\setupapi.dll
2009-05-08 00:08 595,456 a------- c:\windows\system32\schedsvc.dll
2009-05-08 00:08 495,160 a------- c:\windows\system32\drivers\Wdf01000.sys
2009-05-08 00:08 35,384 a------- c:\windows\system32\drivers\WdfLdr.sys
2009-05-08 00:08 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-05-08 00:08 35,328 a------- c:\windows\system32\dispci.dll
2009-05-08 00:08 12,800 a------- c:\windows\system32\batt.dll
2009-05-08 00:08 34,360 a------- c:\windows\system32\drivers\mouclass.sys
2009-05-08 00:08 19,968 a------- c:\windows\system32\drivers\sermouse.sys
2009-05-08 00:08 15,872 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-08 00:08 54,784 a------- c:\windows\system32\drivers\i8042prt.sys
2009-05-08 00:08 35,384 a------- c:\windows\system32\drivers\kbdclass.sys
2009-05-08 00:08 15,872 a------- c:\windows\system32\drivers\kbdhid.sys
2009-05-07 23:42 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-05-07 23:42 2,048 a------- c:\windows\system32\asferror.dll
2009-05-07 23:42 223,232 a------- c:\windows\system32\WMASF.DLL
2009-05-07 23:36 1,233,408 a------- c:\windows\system32\lsasrv.dll
2009-05-07 23:36 72,704 a------- c:\windows\system32\secur32.dll
2009-05-07 23:36 7,680 a------- c:\windows\system32\lsass.exe
2009-05-07 23:35 25,600 a------- c:\windows\system32\amxread.dll
2009-05-07 23:35 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-05-07 23:35 14,848 a------- c:\windows\system32\apilogen.dll
2009-05-07 23:30 223,232 a------- c:\windows\system32\SLC.dll
2009-05-07 23:30 268,288 a------- c:\windows\system32\mcbuilder.exe
2009-05-07 23:30 33,280 a------- c:\windows\system32\slwmi.dll
2009-05-07 23:30:08 A------- 566,784 c:\windows\system32\SLCommDlg.dll
2008-11-19 15:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-19 15:51 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-19 15:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-09-21 14:37 80 a--shr-- c:\windows\system32\8556520F18.dll
2007-07-30 16:21 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:22:53.95 ===============

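A quick way to pre-screen a DDS log like the one above before a helper reads it line by line. This is an added example, not part of the original thread and not DDS's own code: it parses the "Pseudo HJT Report" and "Find3M" / "Created Last 30" sections and returns review pointers for four generic patterns (registry entries whose file is gone, anything in AppInit_DLLs, autostarts launched from the user profile, and hidden+system files whose name is nothing but hex digits). The sample input is a subset of the log posted above; the pointers are things to check, not a verdict on any entry.

```python
"""Triage pointers for a DDS log excerpt (added example; not DDS code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # heuristic name
    line: str    # the log line that triggered it
    reason: str  # what a human should check


# "TYPE: rest" lines of the Pseudo HJT Report (BHO, TB, uRun, mRun, DPF, ...)
HJT_RE = re.compile(r"^(?P<type>[A-Za-z_]+): (?P<rest>.+)$")
# "date time size attrs path" lines of Created Last 30 / Find3M. DDS also emits
# the variant "date time attrs size path", so both orders are accepted.
FIND3M_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})? "
    r"(?:(?P<size>[\d,]+|<DIR>) (?P<attr>[A-Za-z-]{8})"
    r"|(?P<attr2>[A-Za-z-]{8}) (?P<size2>[\d,]+|<DIR>)) "
    r"(?P<path>.+)$"
)
# file names made only of hex digits, e.g. 8556520F18.dll
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8,}\.[A-Za-z0-9]{1,4}$")


def triage(dds_text: str) -> list[Finding]:
    """Return review pointers for a DDS log excerpt. Pointers, not verdicts."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = HJT_RE.match(line)
        if m:
            kind, rest = m["type"], m["rest"]
            if rest.endswith("- No File"):
                findings.append(Finding("orphan_reference", line,
                    "registry entry points at a file that is gone; stale, or a leftover of something removed"))
            if kind == "AppInit_DLLs":
                findings.append(Finding("appinit_dll", line,
                    "AppInit_DLLs is loaded into every process that uses user32.dll; confirm the publisher"))
            if kind in ("uRun", "mRun", "StartupFolder") and "appdata" in rest.lower():
                findings.append(Finding("run_from_profile", line,
                    "autostart launches from the user profile, which any user-level process can write"))
            continue
        m = FIND3M_RE.match(line)
        if m:
            attr = (m["attr"] or m["attr2"]).lower()   # e.g. "a--shr--": s=system, h=hidden
            name = m["path"].rsplit("\\", 1)[-1]
            if "s" in attr and "h" in attr and HEX_NAME_RE.match(name):
                findings.append(Finding("hidden_system_hexname", line,
                    "hidden+system file with a hex-only name; check its signature and which product owns it"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per heuristic."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Sample input: a subset of the DDS log posted in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7370F91F-6994-4595-9949-601FA2261C8D} - No File
BHO: 1 (0x1) - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [cdloader] "c:\users\richard\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

==================== Find3M ====================

2009-05-07 23:36 1,233,408 a------- c:\windows\system32\lsasrv.dll
2009-05-07 23:30:08 A------- 566,784 c:\windows\system32\SLCommDlg.dll
2009-05-08 03:03 174 a--sh--- c:\program files\desktop.ini
2007-09-21 14:37 80 a--shr-- c:\windows\system32\8556520F18.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind}] {f.line}\n    {f.reason}")
    print(summarize(triage(SAMPLE_DDS)))
```

The four heuristics are deliberately cheap: they point a reader at the handful of lines worth cross-checking (publisher, signature, owning product) instead of at the whole log, and an entry they flag still needs that manual check before anything is removed.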

#4 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • OFFLINE
  • Gender:Male
  • Location:Jakarta, Indonesia
  • Local time:10:15 PM

Posted 15 June 2009 - 03:20 AM

Hello prvtdncr36,

My name is Tokek and I will be helping you with your Malware problem.

There may be a delay in my response to your posts as I am still currently in training. I will be helping you under the supervision of the teachers, and they will approve every post before I present it to you.

Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.

Please give me some time to look over your log; I will post my replies as soon as they are approved.
If I have not replied back to your post in 3 days, please send me a PM.


#5 Tokek


Posted 15 June 2009 - 06:31 PM

Hello prvtdncr36,

1.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the Jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Users\Richard\Documents\Yakko.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


2.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


3.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


Please post the Jotti result, MBAM log, GMER log, a new DDS log and a description of any remaining problems.
If I have not replied back to your post in 3 days, please send me a PM.

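Once the GMER log comes back, the "User code sections" block is usually the longest and hardest part to read. The following is an added example (not part of the thread, and not GMER's own code) that parses those lines and applies one triage heuristic: a hook whose JMP target GMER could not attribute to any loaded module, landing in a 64 KiB region that appears in exactly one process, is worth dumping and inspecting by hand, whereas the same unattributed target repeated across many processes is more consistent with one shared DLL loaded everywhere (a security product, for instance). The sample lines are taken from the GMER output posted later in this thread, except the Explorer.EXE line, which is constructed to show how an attributed hook is parsed. It is a heuristic, not a verdict.

```python
"""Triage helper for GMER "User code sections" (added example; not GMER code)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# One GMER user-mode hook line, e.g.
# .text C:\Windows\system32\services.exe[548] kernel32.dll!CreateProcessW 77321D27 5 Bytes JMP 0073009B
# When GMER can map the target to a loaded image, a module path follows the target.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<api>\S+?!\S+)\s+(?P<addr>[0-9A-Fa-f]+)\s+\d+ Bytes\s+"
    r"(?P<kind>\S+)\s+(?P<target>[0-9A-Fa-f]+)(?:\s+(?P<attr>\S.*))?$"
)

ALLOC_GRANULARITY = 0x10000  # Windows reserves user-mode memory in 64 KiB units


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    api: str                      # "kernel32.dll!CreateProcessW"
    target: int                   # where the JMP lands
    attributed_to: Optional[str]  # module GMER mapped the target to, if any


def region(addr: int) -> int:
    """Round an address down to its 64 KiB allocation region."""
    return addr & ~(ALLOC_GRANULARITY - 1)


def parse_user_hooks(gmer_text: str) -> list[Hook]:
    """Parse '.text <process>[pid] <api> ... JMP <target> [module]' lines; skip the rest."""
    hooks: list[Hook] = []
    for raw in gmer_text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if m:
            hooks.append(Hook(m["proc"], int(m["pid"]), m["api"],
                              int(m["target"], 16), m["attr"]))
    return hooks


def suspicious_regions(hooks: list[Hook]) -> dict[tuple[str, int], list[str]]:
    """
    Map (process, pid) -> hooked APIs whose unattributed target region is seen in
    that process only. Regions shared by several processes are left out.
    """
    region_pids: dict[int, set[int]] = defaultdict(set)
    for h in hooks:
        if h.attributed_to is None:
            region_pids[region(h.target)].add(h.pid)
    out: dict[tuple[str, int], list[str]] = defaultdict(list)
    for h in hooks:
        if h.attributed_to is None and len(region_pids[region(h.target)]) == 1:
            out[(h.process, h.pid)].append(h.api)
    return dict(out)


# Sample input: lines from the GMER log posted in this thread, plus one
# constructed Explorer.EXE line with a (made-up) attributing module path.
SAMPLE_GMER = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[456] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\csrss.exe[456] KERNEL32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[500] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[500] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateProcessW 77321D27 5 Bytes JMP 0073009B
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateNamedPipeA 77322484 5 Bytes JMP 0073000A
.text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryExW 773495A7 5 Bytes JMP 00730F8D
.text C:\Windows\Explorer.EXE[1234] kernel32.dll!CreateProcessW 77321D27 5 Bytes JMP 10001234 C:\Program Files\Example\hook.dll (Example hook/Example Corp)
PAGE ntkrnlpa.exe!ZwRestoreKey 82139BA2 5 Bytes JMP 8CC2BA59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
"""

if __name__ == "__main__":
    for (proc, pid), apis in suspicious_regions(parse_user_hooks(SAMPLE_GMER)).items():
        print(f"{proc}[{pid}] has unattributed hooks unique to this process:")
        for api in apis:
            print(f"    {api}")
```

Kernel-mode lines (the `PAGE`/`.text ntkrnlpa.exe!...` entries) are intentionally skipped: they have no `[pid]` and are a different question (driver attribution), which GMER already answers inline when it prints the owning `.sys` path.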

#6 prvtdncr36


Posted 16 June 2009 - 08:25 AM

The file that you wanted me to look up (C:\Users\Richard\Documents\Yakko.exe) is what I renamed HiJackThis in order for it to run. Here is the link to the Jotti results anyway.

http://virusscan.jotti.org/en/scanresult/f...f98250cb292ab48

I installed MalwareBytes, but my computer refuses to run the program. I tried renaming it but it accomplished nothing. What do I do now?

#7 Tokek


Posted 16 June 2009 - 10:46 AM

Hello prvtdncr36,

Good to know about the Yakko.exe file, and we can bypass MBAM for now. Can you run GMER and post the log as well as a new DDS log?
If I have not replied back to your post in 3 days, please send me a PM.


#8 prvtdncr36


Posted 16 June 2009 - 01:35 PM

Here is my GMER log

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-16 14:24:37
Windows 6.0.6000


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x806FF282]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x806FF474]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x806FEF32]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x806FF67C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8CC2B9C0]
Code 86CF78A0 ZwEnumerateKey
Code 86CF7B88 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8CC2B9FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8CC2BA41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8CC2B930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8CC2B944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8CC2B9D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8CC2BA69]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8CC2BA55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8CC2B9AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8CC2B998]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8CC2BA14]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8CC2B9EA]
Code 86C5432D IofCallDriver
Code 86CF294E IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 82027F37 5 Bytes JMP 86C54332
.text ntkrnlpa.exe!IofCompleteRequest 82027FA4 5 Bytes JMP 86CF2953
.text ntkrnlpa.exe!ZwYieldExecution 820B5AC6 5 Bytes JMP 8CC2B9EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 82137F06 5 Bytes JMP 86CF78A4
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8213870A 5 Bytes JMP 8CC2BA45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 82139BA2 5 Bytes JMP 8CC2BA59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8213BD3E 5 Bytes JMP 8CC2BA6D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8218EC4E 5 Bytes JMP 8CC2B9C4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 821D01E6 7 Bytes JMP 8CC2BA02 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 821E0BD0 5 Bytes JMP 8CC2BA18 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 821E849F 5 Bytes JMP 86CF7B8C
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 821E8753 7 Bytes JMP 8CC2B9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 822138F5 5 Bytes JMP 8CC2B934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 82213C57 5 Bytes JMP 8CC2B948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 82215D0D 5 Bytes JMP 8CC2B99C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 8221ACF3 5 Bytes JMP 8CC2B9B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExW 772904A2 5 Bytes JMP 00E30FC8
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExA 77290DDF 5 Bytes JMP 00E30031
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyW 77297B8D 5 Bytes JMP 00E30014
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 7729EAEA 5 Bytes JMP 00E30FEF
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExW 772A5ECD 5 Bytes JMP 00E3004E
.text C:\Windows\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0B0F5A
.text C:\Windows\system32\svchost.exe[1216] WS2_32.dll!socket 77A64358 5 Bytes JMP 00E90FE5
.text C:\Windows\system32\svchost.exe[1216] WININET.dll!InternetOpenA 7603D6C0 5 Bytes JMP 00D90FEF
.text C:\Windows\system32\svchost.exe[1216] WININET.dll!InternetOpenW 7603DB39 5 Bytes JMP 00D90014
.text C:\Windows\system32\svchost.exe[1216] WININET.dll!InternetOpenUrlA 7603F3D4 5 Bytes JMP 00D90FDE
.text C:\Windows\system32\svchost.exe[1216] WININET.dll!InternetOpenUrlW 76086DD7 5 Bytes JMP 00D90FCD
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!VirtualProtect 773218BF 5 Bytes JMP 00E40F84
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!GetStartupInfoW 7732191A 5 Bytes JMP 00E40F55
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!GetStartupInfoA 773219B8 5 Bytes JMP 00E400A5
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateProcessW 77321D27 5 Bytes JMP 00E400C0
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateProcessA 77321D5C 5 Bytes JMP 00E40F33
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateNamedPipeA 77322484 5 Bytes JMP 00E4002F
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!WinExec 773232DF 5 Bytes JMP 00E40F44
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateNamedPipeW 7732EDFE 5 Bytes JMP 00E40FDE
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreatePipe 7733B0AF 5 Bytes JMP 00E40094
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!VirtualProtectEx 773460AB 5 Bytes JMP 00E40079
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 773495A7 5 Bytes JMP 00E40FA1
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!LoadLibraryW 7734971F 5 Bytes JMP 00E40054
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExA 77349A6E 5 Bytes JMP 00E40FB2
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!LoadLibraryA 77349A96 5 Bytes JMP 00E40FCD
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!GetProcAddress 77364110 5 Bytes JMP 00E400D1
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateFileW 7736866C 5 Bytes JMP 00E40014
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateFileA 77368CA4 5 Bytes JMP 00E40FEF
.text C:\Windows\system32\svchost.exe[1324] msvcrt.dll!_open 763BA890 5 Bytes JMP 00E20FE3
.text C:\Windows\system32\svchost.exe[1324] msvcrt.dll!_wsystem 763EAA4F 2 Bytes JMP 00E20027
.text C:\Windows\system32\svchost.exe[1324] msvcrt.dll!_wsystem + 3 763EAA52 2 Bytes [A3, 8A]
.text C:\Windows\system32\svchost.exe[1324] msvcrt.dll!system 763EAB6B 5 Bytes JMP 00E20016
.text C:\Windows\system32\svchost.exe[1324] msvcrt.dll!_creat 763EE711 5 Bytes JMP 00E20FC1
.text C:\Windows\system32\svchost.exe[1324] msvcrt.dll!_wcreat 763EF9C6 5 Bytes JMP 00E20FB0
.text C:\Windows\system32\svchost.exe[1324] msvcrt.dll!_wopen 763EFBA1 5 Bytes JMP 00E20FD2
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW 77278229 5 Bytes JMP 00E30F9C
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExA 77283941 5 Bytes JMP 00E30F8B
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyA 77283B9F 5 Bytes JMP 00E30027
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExW 772904A2 5 Bytes JMP 00E30F7A
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExA 77290DDF 5 Bytes JMP 00E30016
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyW 77297B8D 5 Bytes JMP 00E30FD4
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyA 7729EAEA 5 Bytes JMP 00E30FEF
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExW 772A5ECD 5 Bytes JMP 00E30FC3
.text C:\Windows\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0B0F5A
.text C:\Windows\system32\svchost.exe[1324] WS2_32.dll!socket 77A64358 5 Bytes JMP 00E50FEF
.text C:\Windows\system32\svchost.exe[1324] WININET.dll!InternetOpenA 7603D6C0 5 Bytes JMP 00E10FEF
.text C:\Windows\system32\svchost.exe[1324] WININET.dll!InternetOpenW 7603DB39 5 Bytes JMP 00E10FDE
.text C:\Windows\system32\svchost.exe[1324] WININET.dll!InternetOpenUrlA 7603F3D4 5 Bytes JMP 00E10FC3
.text C:\Windows\system32\svchost.exe[1324] WININET.dll!InternetOpenUrlW 76086DD7 5 Bytes JMP 00E10FA8
.text C:\Windows\system32\rundll32.exe[1368] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\rundll32.exe[1368] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\rundll32.exe[1368] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1408] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1408] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1408] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\spoolsv.exe[1580] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\spoolsv.exe[1580] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\spoolsv.exe[1580] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!VirtualProtect 773218BF 5 Bytes JMP 012C0F86
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!GetStartupInfoW 7732191A 5 Bytes JMP 012C0F50
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!GetStartupInfoA 773219B8 5 Bytes JMP 012C0F6B
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!CreateProcessW 77321D27 5 Bytes JMP 012C0F1D
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!CreateProcessA 77321D5C 5 Bytes JMP 012C0F2E
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!CreateNamedPipeA 77322484 5 Bytes JMP 012C0FCD
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!WinExec 773232DF 5 Bytes JMP 012C0F3F
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!CreateNamedPipeW 7732EDFE 5 Bytes JMP 012C0FBC
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!CreatePipe 7733B0AF 5 Bytes JMP 012C008C
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!VirtualProtectEx 773460AB 5 Bytes JMP 012C007B
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExW 773495A7 5 Bytes JMP 012C0060
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!LoadLibraryW 7734971F 5 Bytes JMP 012C0032
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExA 77349A6E 5 Bytes JMP 012C0043
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!LoadLibraryA 77349A96 5 Bytes JMP 012C0FA1
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!GetProcAddress 77364110 5 Bytes JMP 012C00CF
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!CreateFileW 7736866C 5 Bytes JMP 012C0FDE
.text C:\Windows\system32\svchost.exe[1608] kernel32.dll!CreateFileA 77368CA4 5 Bytes JMP 012C0FEF
.text C:\Windows\system32\svchost.exe[1608] msvcrt.dll!_open 763BA890 5 Bytes JMP 01160000
.text C:\Windows\system32\svchost.exe[1608] msvcrt.dll!_wsystem 763EAA4F 2 Bytes JMP 0116004B
.text C:\Windows\system32\svchost.exe[1608] msvcrt.dll!_wsystem + 3 763EAA52 2 Bytes [D7, 8A]
.text C:\Windows\system32\svchost.exe[1608] msvcrt.dll!system 763EAB6B 5 Bytes JMP 0116003A
.text C:\Windows\system32\svchost.exe[1608] msvcrt.dll!_creat 763EE711 5 Bytes JMP 01160FDE
.text C:\Windows\system32\svchost.exe[1608] msvcrt.dll!_wcreat 763EF9C6 5 Bytes JMP 01160029
.text C:\Windows\system32\svchost.exe[1608] msvcrt.dll!_wopen 763EFBA1 5 Bytes JMP 01160FEF
.text C:\Windows\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyW 77278229 5 Bytes JMP 012B0027
.text C:\Windows\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExA 77283941 5 Bytes JMP 012B0038
.text C:\Windows\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyA 77283B9F 5 Bytes JMP 012B0016
.text C:\Windows\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExW 772904A2 5 Bytes JMP 012B0049
.text C:\Windows\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExA 77290DDF 5 Bytes JMP 012B0FC3
.text C:\Windows\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyW 77297B8D 5 Bytes JMP 012B0FD4
.text C:\Windows\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyA 7729EAEA 5 Bytes JMP 012B0FEF
.text C:\Windows\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExW 772A5ECD 5 Bytes JMP 012B0FA6
.text C:\Windows\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0B0F5A
.text C:\Windows\system32\svchost.exe[1608] WS2_32.dll!socket 77A64358 5 Bytes JMP 012D0000
.text C:\Windows\system32\svchost.exe[1608] WININET.dll!InternetOpenA 7603D6C0 5 Bytes JMP 01110FEF
.text C:\Windows\system32\svchost.exe[1608] WININET.dll!InternetOpenW 7603DB39 5 Bytes JMP 01110FDE
.text C:\Windows\system32\svchost.exe[1608] WININET.dll!InternetOpenUrlA 7603F3D4 5 Bytes JMP 01110FC3
.text C:\Windows\system32\svchost.exe[1608] WININET.dll!InternetOpenUrlW 76086DD7 5 Bytes JMP 01110FB2
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[1672] KERNEL32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[1672] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[1672] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lxbkcoms.exe[1752] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lxbkcoms.exe[1752] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\lxbkcoms.exe[1752] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1760] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1760] kernel32.dll!LoadLibraryW 7734971F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1760] kernel32.dll!LoadLibraryA 77349A96 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1760] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1760] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[1968] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[1968] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskeng.exe[1968] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[1968] USER32.dll!SetWindowPos 776A969F 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1968] USER32.dll!SetWindowPos + 4 776A96A3 2 Bytes [12, 5F]
.text C:\Windows\system32\taskeng.exe[1968] USER32.dll!SetForegroundWindow 776AAA8C 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\taskeng.exe[1968] USER32.dll!ChangeDisplaySettingsExA 776CD7CD 6 Bytes JMP 5F140F5A
.text C:\Windows\system32\taskeng.exe[1968] USER32.dll!ChangeDisplaySettingsExW 776E470F 6 Bytes JMP 5F170F5A
.text C:\Windows\system32\Dwm.exe[1976] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[1976] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[1976] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!VirtualProtect 773218BF 5 Bytes JMP 00C10F4B
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!GetStartupInfoW 7732191A 5 Bytes JMP 00C10F04
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!GetStartupInfoA 773219B8 5 Bytes JMP 00C10F15
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!CreateProcessW 77321D27 5 Bytes JMP 00C10ECE
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!CreateProcessA 77321D5C 5 Bytes JMP 00C10EDF
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!CreateNamedPipeA 77322484 5 Bytes JMP 00C10FC3
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!WinExec 773232DF 5 Bytes JMP 00C10065
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!CreateNamedPipeW 7732EDFE 5 Bytes JMP 00C1000A
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!CreatePipe 7733B0AF 5 Bytes JMP 00C1004A
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!VirtualProtectEx 773460AB 5 Bytes JMP 00C10F30
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!LoadLibraryExW 773495A7 5 Bytes JMP 00C10025
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!LoadLibraryW 7734971F 5 Bytes JMP 00C10F8D
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!LoadLibraryExA 77349A6E 1 Byte [E9]
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!LoadLibraryExA 77349A6E 5 Bytes JMP 00C10F72
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!LoadLibraryA 77349A96 5 Bytes JMP 00C10F9E
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!GetProcAddress 77364110 5 Bytes JMP 00C10080
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!CreateFileW 7736866C 5 Bytes JMP 00C10FD4
.text C:\Windows\Explorer.EXE[2040] kernel32.dll!CreateFileA 77368CA4 5 Bytes JMP 00C10FEF
.text C:\Windows\Explorer.EXE[2040] ADVAPI32.dll!RegCreateKeyW 77278229 5 Bytes JMP 00C00F95
.text C:\Windows\Explorer.EXE[2040] ADVAPI32.dll!RegCreateKeyExA 77283941 5 Bytes JMP 00C00031
.text C:\Windows\Explorer.EXE[2040] ADVAPI32.dll!RegCreateKeyA 77283B9F 5 Bytes JMP 00C00FA6
.text C:\Windows\Explorer.EXE[2040] ADVAPI32.dll!RegCreateKeyExW 772904A2 5 Bytes JMP 00C0004E
.text C:\Windows\Explorer.EXE[2040] ADVAPI32.dll!RegOpenKeyExA 77290DDF 5 Bytes JMP 00C0000A
.text C:\Windows\Explorer.EXE[2040] ADVAPI32.dll!RegOpenKeyW 77297B8D 5 Bytes JMP 00C00FD4
.text C:\Windows\Explorer.EXE[2040] ADVAPI32.dll!RegOpenKeyA 7729EAEA 5 Bytes JMP 00C00FEF
.text C:\Windows\Explorer.EXE[2040] ADVAPI32.dll!RegOpenKeyExW 772A5ECD 5 Bytes JMP 00C00FB7
.text C:\Windows\Explorer.EXE[2040] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\Explorer.EXE[2040] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0B0F5A
.text C:\Windows\Explorer.EXE[2040] msvcrt.dll!_open 763BA890 5 Bytes JMP 00AB0FEF
.text C:\Windows\Explorer.EXE[2040] msvcrt.dll!_wsystem 763EAA4F 2 Bytes JMP 00AB001D
.text C:\Windows\Explorer.EXE[2040] msvcrt.dll!_wsystem + 3 763EAA52 2 Bytes [6C, 8A]
.text C:\Windows\Explorer.EXE[2040] msvcrt.dll!system 763EAB6B 5 Bytes JMP 00AB0F92
.text C:\Windows\Explorer.EXE[2040] msvcrt.dll!_creat 763EE711 5 Bytes JMP 00AB0FC1
.text C:\Windows\Explorer.EXE[2040] msvcrt.dll!_wcreat 763EF9C6 5 Bytes JMP 00AB000C
.text C:\Windows\Explorer.EXE[2040] msvcrt.dll!_wopen 763EFBA1 5 Bytes JMP 00AB0FD2
.text C:\Windows\Explorer.EXE[2040] WS2_32.dll!socket 77A64358 5 Bytes JMP 00C30FE5
.text C:\Windows\Explorer.EXE[2040] WININET.dll!InternetOpenA 7603D6C0 5 Bytes JMP 01EF0FEF
.text C:\Windows\Explorer.EXE[2040] WININET.dll!InternetOpenW 7603DB39 5 Bytes JMP 01EF0FCA
.text C:\Windows\Explorer.EXE[2040] WININET.dll!InternetOpenUrlA 7603F3D4 5 Bytes JMP 01EF0000
.text C:\Windows\Explorer.EXE[2040] WININET.dll!InternetOpenUrlW 76086DD7 5 Bytes JMP 01EF0FAF
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2068] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2068] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2068] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2108] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2108] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2108] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!VirtualProtect 773218BF 5 Bytes JMP 00D50F99
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!GetStartupInfoW 7732191A 5 Bytes JMP 00D50F37
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!GetStartupInfoA 773219B8 5 Bytes JMP 00D50F48
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!CreateProcessW 77321D27 5 Bytes JMP 00D500D8
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!CreateProcessA 77321D5C 5 Bytes JMP 00D500B3
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!CreateNamedPipeA 77322484 5 Bytes JMP 00D50FDB
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!WinExec 773232DF 5 Bytes JMP 00D500A2
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!CreateNamedPipeW 7732EDFE 5 Bytes JMP 00D50036
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!CreatePipe 7733B0AF 5 Bytes JMP 00D50F63
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!VirtualProtectEx 773460AB 5 Bytes JMP 00D50F7E
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!LoadLibraryExW 773495A7 5 Bytes JMP 00D50FAA
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!LoadLibraryW 7734971F 5 Bytes JMP 00D50058
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!LoadLibraryExA 77349A6E 5 Bytes JMP 00D50069
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!LoadLibraryA 77349A96 5 Bytes JMP 00D50047
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!GetProcAddress 77364110 5 Bytes JMP 00D500E9
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!CreateFileW 7736866C 5 Bytes JMP 00D5001B
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!CreateFileA 77368CA4 5 Bytes JMP 00D5000A
.text C:\Windows\system32\svchost.exe[2156] msvcrt.dll!_open 763BA890 5 Bytes JMP 00D30FEF
.text C:\Windows\system32\svchost.exe[2156] msvcrt.dll!_wsystem 763EAA4F 5 Bytes JMP 00D30F84
.text C:\Windows\system32\svchost.exe[2156] msvcrt.dll!system 763EAB6B 5 Bytes JMP 00D30F9F
.text C:\Windows\system32\svchost.exe[2156] msvcrt.dll!_creat 763EE711 5 Bytes JMP 00D30FC1
.text C:\Windows\system32\svchost.exe[2156] msvcrt.dll!_wcreat 763EF9C6 5 Bytes JMP 00D30FB0
.text C:\Windows\system32\svchost.exe[2156] msvcrt.dll!_wopen 763EFBA1 5 Bytes JMP 00D30FD2
.text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyW 77278229 5 Bytes JMP 00D40036
.text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyExA 77283941 5 Bytes JMP 00D40051
.text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyA 77283B9F 5 Bytes JMP 00D40025
.text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyExW 772904A2 5 Bytes JMP 00D40F8E
.text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyExA 77290DDF 5 Bytes JMP 00D40FC1
.text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyW 77297B8D 5 Bytes JMP 00D40FDE
.text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyA 7729EAEA 5 Bytes JMP 00D40FEF
.text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyExW 772A5ECD 5 Bytes JMP 00D40014
.text C:\Windows\system32\svchost.exe[2156] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2156] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0B0F5A
.text C:\Windows\system32\svchost.exe[2156] WS2_32.dll!socket 77A64358 5 Bytes JMP 00D60FEF
.text C:\Windows\system32\svchost.exe[2156] WININET.dll!InternetOpenA 7603D6C0 5 Bytes JMP 00990000
.text C:\Windows\system32\svchost.exe[2156] WININET.dll!InternetOpenW 7603DB39 5 Bytes JMP 00990FE5
.text C:\Windows\system32\svchost.exe[2156] WININET.dll!InternetOpenUrlA 7603F3D4 5 Bytes JMP 00990011
.text C:\Windows\system32\svchost.exe[2156] WININET.dll!InternetOpenUrlW 76086DD7 5 Bytes JMP 00990022
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2256] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2256] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2256] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2524] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2524] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2524] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2540] kernel32.dll!CreateThread + 1A 773637F9 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2744] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2744] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2744] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2760] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2760] kernel32.dll!CreateThread + 1A 773637F9 4 Bytes CALL 0044AB89 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2760] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2760] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!VirtualProtect 773218BF 5 Bytes JMP 0002006E
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!GetStartupInfoW 7732191A 5 Bytes JMP 000200AB
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!GetStartupInfoA 773219B8 5 Bytes JMP 00020F6F
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!CreateProcessW 77321D27 5 Bytes JMP 00020F14
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!CreateProcessA 77321D5C 5 Bytes JMP 00020F2F
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!CreateNamedPipeA 77322484 5 Bytes JMP 00020FD1
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!WinExec 773232DF 5 Bytes JMP 00020F4A
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!CreateNamedPipeW 7732EDFE 5 Bytes JMP 00020FC0
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!CreatePipe 7733B0AF 5 Bytes JMP 0002009A
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!VirtualProtectEx 773460AB 5 Bytes JMP 00020089
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!LoadLibraryExW 773495A7 5 Bytes JMP 00020F94
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!LoadLibraryW 7734971F 5 Bytes JMP 00020047
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!LoadLibraryExA 77349A6E 5 Bytes JMP 00020FA5
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!LoadLibraryA 77349A96 5 Bytes JMP 00020036
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!GetProcAddress 77364110 5 Bytes JMP 00020EF9
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!CreateFileW 7736866C 5 Bytes JMP 00020011
.text C:\Windows\system32\svchost.exe[2772] kernel32.dll!CreateFileA 77368CA4 5 Bytes JMP 00020000
.text C:\Windows\system32\svchost.exe[2772] msvcrt.dll!_open 763BA890 5 Bytes JMP 00060FEF
.text C:\Windows\system32\svchost.exe[2772] msvcrt.dll!_wsystem 763EAA4F 5 Bytes JMP 00060F9C
.text C:\Windows\system32\svchost.exe[2772] msvcrt.dll!system 763EAB6B 5 Bytes JMP 00060027
.text C:\Windows\system32\svchost.exe[2772] msvcrt.dll!_creat 763EE711 5 Bytes JMP 00060FB7
.text C:\Windows\system32\svchost.exe[2772] msvcrt.dll!_wcreat 763EF9C6 5 Bytes JMP 00060016
.text C:\Windows\system32\svchost.exe[2772] msvcrt.dll!_wopen 763EFBA1 5 Bytes JMP 00060FDE
.text C:\Windows\system32\svchost.exe[2772] ADVAPI32.dll!RegCreateKeyW 77278229 5 Bytes JMP 00070016
.text C:\Windows\system32\svchost.exe[2772] ADVAPI32.dll!RegCreateKeyExA 77283941 5 Bytes JMP 00070033
.text C:\Windows\system32\svchost.exe[2772] ADVAPI32.dll!RegCreateKeyA 77283B9F 5 Bytes JMP 00070F8B
.text C:\Windows\system32\svchost.exe[2772] ADVAPI32.dll!RegCreateKeyExW 772904A2 5 Bytes JMP 00070044
.text C:\Windows\system32\svchost.exe[2772] ADVAPI32.dll!RegOpenKeyExA 77290DDF 5 Bytes JMP 00070FB9
.text C:\Windows\system32\svchost.exe[2772] ADVAPI32.dll!RegOpenKeyW 77297B8D 5 Bytes JMP 00070FCA
.text C:\Windows\system32\svchost.exe[2772] ADVAPI32.dll!RegOpenKeyA 7729EAEA 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[2772] ADVAPI32.dll!RegOpenKeyExW 772A5ECD 5 Bytes JMP 00070F9C
.text C:\Windows\system32\svchost.exe[2772] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\svchost.exe[2772] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0B0F5A
.text C:\Windows\system32\svchost.exe[2772] WS2_32.dll!socket 77A64358 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\svchost.exe[2772] WININET.dll!InternetOpenA 7603D6C0 5 Bytes JMP 00120000
.text C:\Windows\system32\svchost.exe[2772] WININET.dll!InternetOpenW 7603DB39 5 Bytes JMP 0012001B
.text C:\Windows\system32\svchost.exe[2772] WININET.dll!InternetOpenUrlA 7603F3D4 5 Bytes JMP 0012002C
.text C:\Windows\system32\svchost.exe[2772] WININET.dll!InternetOpenUrlW 76086DD7 5 Bytes JMP 00120047
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!VirtualProtect 773218BF 5 Bytes JMP 00020F9E
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!GetStartupInfoW 7732191A 5 Bytes JMP 00020F61
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!GetStartupInfoA 773219B8 5 Bytes JMP 0002009D
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!CreateProcessW 77321D27 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!CreateProcessW 77321D27 5 Bytes JMP 00020F2B
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!CreateProcessA 77321D5C 5 Bytes JMP 000200C2
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!CreateNamedPipeA 77322484 5 Bytes JMP 00020FE5
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!WinExec 773232DF 5 Bytes JMP 00020F50
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!CreateNamedPipeW 7732EDFE 5 Bytes JMP 00020040
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!CreatePipe 7733B0AF 5 Bytes JMP 00020F7C
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!VirtualProtectEx 773460AB 5 Bytes JMP 00020F8D
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!LoadLibraryExW 773495A7 5 Bytes JMP 00020FAF
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!LoadLibraryW 7734971F 5 Bytes JMP 00020062
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!LoadLibraryExA 77349A6E 5 Bytes JMP 00020FCA
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!LoadLibraryA 77349A96 5 Bytes JMP 00020051
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!GetProcAddress 77364110 5 Bytes JMP 00020F1A
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!CreateFileW 7736866C 5 Bytes JMP 0002001B
.text C:\Windows\System32\svchost.exe[2800] kernel32.dll!CreateFileA 77368CA4 5 Bytes JMP 0002000A
.text C:\Windows\System32\svchost.exe[2800] msvcrt.dll!_open 763BA890 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[2800] msvcrt.dll!_wsystem 763EAA4F 2 Bytes JMP 00060038
.text C:\Windows\System32\svchost.exe[2800] msvcrt.dll!_wsystem + 3 763EAA52 2 Bytes [C7, 89]
.text C:\Windows\System32\svchost.exe[2800] msvcrt.dll!system 763EAB6B 5 Bytes JMP 00060FAD
.text C:\Windows\System32\svchost.exe[2800] msvcrt.dll!_creat 763EE711 5 Bytes JMP 0006001D
.text C:\Windows\System32\svchost.exe[2800] msvcrt.dll!_wcreat 763EF9C6 5 Bytes JMP 00060FBE
.text C:\Windows\System32\svchost.exe[2800] msvcrt.dll!_wopen 763EFBA1 5 Bytes JMP 0006000C
.text C:\Windows\System32\svchost.exe[2800] ADVAPI32.dll!RegCreateKeyW 77278229 5 Bytes JMP 00070F90
.text C:\Windows\System32\svchost.exe[2800] ADVAPI32.dll!RegCreateKeyExA 77283941 5 Bytes JMP 00070036
.text C:\Windows\System32\svchost.exe[2800] ADVAPI32.dll!RegCreateKeyA 77283B9F 5 Bytes JMP 00070FA1
.text C:\Windows\System32\svchost.exe[2800] ADVAPI32.dll!RegCreateKeyExW 772904A2 5 Bytes JMP 00070053
.text C:\Windows\System32\svchost.exe[2800] ADVAPI32.dll!RegOpenKeyExA 77290DDF 5 Bytes JMP 00070FC8
.text C:\Windows\System32\svchost.exe[2800] ADVAPI32.dll!RegOpenKeyW 77297B8D 5 Bytes JMP 0007000A
.text C:\Windows\System32\svchost.exe[2800] ADVAPI32.dll!RegOpenKeyA 7729EAEA 5 Bytes JMP 00070FEF
.text C:\Windows\System32\svchost.exe[2800] ADVAPI32.dll!RegOpenKeyExW 772A5ECD 5 Bytes JMP 0007001B
.text C:\Windows\System32\svchost.exe[2800] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\svchost.exe[2800] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0B0F5A
.text C:\Windows\System32\svchost.exe[2800] WS2_32.dll!socket 77A64358 5 Bytes JMP 007F0FEF
.text C:\Windows\System32\svchost.exe[2800] WININET.dll!InternetOpenA 7603D6C0 5 Bytes JMP 00820FE5
.text C:\Windows\System32\svchost.exe[2800] WININET.dll!InternetOpenW 7603DB39 5 Bytes JMP 00820000
.text C:\Windows\System32\svchost.exe[2800] WININET.dll!InternetOpenUrlA 7603F3D4 5 Bytes JMP 00820011
.text C:\Windows\System32\svchost.exe[2800] WININET.dll!InternetOpenUrlW 76086DD7 5 Bytes JMP 00820FCA
.text C:\Windows\system32\SearchIndexer.exe[2840] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchIndexer.exe[2840] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\SearchIndexer.exe[2840] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[2892] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[2892] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\DRIVERS\xaudio.exe[2892] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\WUDFHost.exe[3152] kernel32.dll!LoadLibraryExW 773495A7 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\WUDFHost.exe[3152] USER32.dll!SetWindowsHookExA 7769891A 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\WUDFHost.exe[3152] USER32.dll!SetWindowsHookExW 7769913D 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!VirtualProtect 773218BF 5 Bytes JMP 000200AC
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!GetStartupInfoW 7732191A 5 Bytes JMP 00020F81
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!GetStartupInfoA 773219B8 5 Bytes JMP 00020F92
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreateProcessW 77321D27 5 Bytes JMP 00020F55
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreateProcessA 77321D5C 5 Bytes JMP 00020F70
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreateNamedPipeA 77322484 5 Bytes JMP 00020FE5
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!WinExec 773232DF 5 Bytes JMP 000200EC
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreateNamedPipeW 7732EDFE 5 Bytes JMP 00020FD4
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreatePipe 7733B0AF 5 Bytes JMP 000200BD
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!VirtualProtectEx 773460AB 5 Bytes JMP 00020FAD
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!LoadLibraryExW 773495A7 5 Bytes JMP 00020091
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!LoadLibraryW 7734971F 5 Bytes JMP 0002005B
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!LoadLibraryExA 77349A6E 5 Bytes JMP 00020076
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!LoadLibraryA 77349A96 5 Bytes JMP 00020040
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!GetProcAddress 77364110 5 Bytes JMP 00020107
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreateFileW 7736866C 5 Bytes JMP 0002001B
.text C:\Windows\system32\svchost.exe[3896] kernel32.dll!CreateFileA 77368CA4 5 Bytes JMP 00020000
.text C:\Windows\system32\svchost.exe[3896] msvcrt.dll!_open 763BA890 5 Bytes JMP 0006000C
.text C:\Windows\system32\svchost.exe[3896] msvcrt.dll!_wsystem 763EAA4F 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[3896] msvcrt.dll!_wsystem + 3 763EAA52 2 Bytes [C7, 89]
.text C:\Windows\system32\svchost.exe[3896] msvcrt.dll!system 763EAB6B 5 Bytes JMP 00060FC8
.text C:\Windows\system32\svchost.exe[3896] msvcrt.dll!_creat 763EE711 5 Bytes JMP 0006002E
.text C:\Windows\system32\svchost.exe[3896] msvcrt.dll!_wcreat 763EF9C6 5 Bytes JMP 00060FD9
.text C:\Windows\system32\svchost.exe[3896] msvcrt.dll!_wopen 763EFBA1 5 Bytes JMP 0006001D
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegCreateKeyW 77278229 5 Bytes JMP 0007001B
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegCreateKeyExA 77283941 5 Bytes JMP 00070F75
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegCreateKeyA 77283B9F 5 Bytes JMP 00070F9A
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegCreateKeyExW 772904A2 5 Bytes JMP 00070F58
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegOpenKeyExA 77290DDF 5 Bytes JMP 0007000A
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegOpenKeyW 77297B8D 5 Bytes JMP 00070FD4
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegOpenKeyA 7729EAEA 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[3896] ADVAPI32.dll!RegOpenKeyExW 772A5ECD 5 Bytes JMP 00070FAB
.text C:\Windows\system32\svchost.exe[3896] WS2_32.dll!socket 77A64358 5 Bytes JMP 000B000A
.text C:\Windows\system32\svchost.exe[3896] WININET.dll!InternetOpenA 7603D6C0 5 Bytes JMP 00170000
.text C:\Windows\system32\svchost.exe[3896] WININET.dll!InternetOpenW 7603DB39 5 Bytes JMP 0017001B
.text C:\Windows\system32\svchost.exe[3896] WININET.dll!InternetOpenUrlA 7603F3D4 5 Bytes JMP 0017002C
.text C:\Windows\system32\svchost.exe[3896] WININET.dll!InternetOpenUrlW 76086DD7 5 Bytes JMP 0017003D
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!VirtualProtect 773218BF 5 Bytes JMP 00010051
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!GetStartupInfoW 7732191A 5 Bytes JMP 00010091
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!GetStartupInfoA 773219B8 5 Bytes JMP 00010F41
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreateProcessW 77321D27 5 Bytes JMP 000100C7
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreateProcessA 77321D5C 5 Bytes JMP 000100AC
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreateNamedPipeA 77322484 5 Bytes JMP 00010025
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!WinExec 773232DF 5 Bytes JMP 00010F30
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreateNamedPipeW 7732EDFE 5 Bytes JMP 00010036
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreatePipe 7733B0AF 5 Bytes JMP 00010062
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!VirtualProtectEx 773460AB 5 Bytes JMP 00010F5C
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!LoadLibraryExW 773495A7 5 Bytes JMP 00010F83
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!LoadLibraryW 7734971F 5 Bytes JMP 00010FB9
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!LoadLibraryExA 77349A6E 5 Bytes JMP 00010F94
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!LoadLibraryA 77349A96 5 Bytes JMP 00010FCA
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!GetProcAddress 77364110 5 Bytes JMP 00010F15
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreateFileW 7736866C 5 Bytes JMP 00010FEF
.text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreateFileA 77368CA4 5 Bytes JMP 0001000A
.text C:\Windows\system32\wuauclt.exe[4232] msvcrt.dll!_open 763BA890 5 Bytes JMP 0006000C
.text C:\Windows\system32\wuauclt.exe[4232] msvcrt.dll!_wsystem 763EAA4F 5 Bytes JMP 00060FB7
.text C:\Windows\system32\wuauclt.exe[4232] msvcrt.dll!system 763EAB6B 5 Bytes JMP 00060042
.text C:\Windows\system32\wuauclt.exe[4232] msvcrt.dll!_creat 763EE711 5 Bytes JMP 0006001D
.text C:\Windows\system32\wuauclt.exe[4232] msvcrt.dll!_wcreat 763EF9C6 5 Bytes JMP 00060FC8
.text C:\Windows\system32\wuauclt.exe[4232] msvcrt.dll!_wopen 763EFBA1 5 Bytes JMP 00060FEF
.text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegCreateKeyW 77278229 5 Bytes JMP 00070FC6
.text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegCreateKeyExA 77283941 5 Bytes JMP 00070078
.text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegCreateKeyA 77283B9F 5 Bytes JMP 00070047
.text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegCreateKeyExW 772904A2 5 Bytes JMP 00070FB5
.text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegOpenKeyExA 77290DDF 5 Bytes JMP 00070036
.text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegOpenKeyW 77297B8D 5 Bytes JMP 00070025
.text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegOpenKeyA 7729EAEA 5 Bytes JMP 00070000
.text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegOpenKeyExW 772A5ECD 5 Bytes JMP 00070FE3
.text C:\Windows\system32\wuauclt.exe[4232] WS2_32.dll!socket 77A64358 5 Bytes JMP 00090FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\lsass.exe[600] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\lsass.exe[600] @ C:\Windows\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\lsass.exe[600] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\lsass.exe[600] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\lsass.exe[600] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\lsass.exe[600] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\lsass.exe[600] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[780] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[780] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[780] @ C:\Windows\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[780] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[780] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[780] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[780] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[780] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[780] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[780] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[780] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[852] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[852] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[852] @ C:\Windows\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[852] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[852] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[852] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[852] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[852] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1008] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1008] @ C:\Windows\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1008] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1008] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1008] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1008] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1064] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1064] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1064] @ C:\Windows\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1064] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1064] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1064] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1064] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1064] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1064] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[1064] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1076] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1076] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1076] @ C:\Windows\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1076] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1076] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1076] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1076] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1076] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1076] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1176] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1176] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1176] @ C:\Windows\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1176] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1176] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1176] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1176] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1176] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1216] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1216] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1216] @ C:\Windows\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1216] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1216] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1216] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1216] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1216] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1324] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1324] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1608] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1608] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1608] @ C:\Windows\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1608] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1608] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1608] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1608] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1608] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1608] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[1608] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[2040] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2156] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2156] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2156] @ C:\Windows\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2156] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2156] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2156] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2156] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2156] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2156] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2156] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2540] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044AE68] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2540] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044AE68] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2760] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044ACE0] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2760] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044ACE0] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Windows\system32\svchost.exe[2772] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2772] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2772] @ C:\Windows\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2772] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2772] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2772] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\svchost.exe[2772] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[2800] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[2800] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[2800] @ C:\Windows\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[2800] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[2800] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[2800] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[2800] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\System32\svchost.exe[2800] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\system32\SearchProtocolHost.exe[5256] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [6F37D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[5256] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [6F37D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[5256] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [6F37D6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxcfgnghjhbhfnpicwrpgsucicmxrmobfen.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [780] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcfgnghjhbhfnpicwrpgsucicmxrmobfen.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcussofgtkvxsffbygomxfdqeqnvruvpjm.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcfgnghjhbhfnpicwrpgsucicmxrmobfen.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcussofgtkvxsffbygomxfdqeqnvruvpjm.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcfgnghjhbhfnpicwrpgsucicmxrmobfen.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcussofgtkvxsffbygomxfdqeqnvruvpjm.dll
Reg HKLM\SYSTEM\ControlSet004\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcfgnghjhbhfnpicwrpgsucicmxrmobfen.dll
Reg HKLM\SYSTEM\ControlSet004\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcussofgtkvxsffbygomxfdqeqnvruvpjm.dll
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcfgnghjhbhfnpicwrpgsucicmxrmobfen.dll
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcussofgtkvxsffbygomxfdqeqnvruvpjm.dll
Reg HKLM\SYSTEM\ControlSet006\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet006\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet006\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet006\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet006\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcfgnghjhbhfnpicwrpgsucicmxrmobfen.dll
Reg HKLM\SYSTEM\ControlSet006\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcussofgtkvxsffbygomxfdqeqnvruvpjm.dll
Reg HKLM\SYSTEM\ControlSet007\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet007\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet007\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet007\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet007\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcfgnghjhbhfnpicwrpgsucicmxrmobfen.dll
Reg HKLM\SYSTEM\ControlSet007\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcussofgtkvxsffbygomxfdqeqnvruvpjm.dll

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys 48128 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\gxvxccount 4 bytes
File C:\Windows\System32\gxvxcfgnghjhbhfnpicwrpgsucicmxrmobfen.dll 22529 bytes executable
File C:\Windows\System32\gxvxcussofgtkvxsffbygomxfdqeqnvruvpjm.dll 27649 bytes executable

---- EOF - GMER 1.0.15 ----



Here is my new DDS log


DDS (Ver_09-05-14.01) - NTFSx86
Run by Richard at 14:26:39.00 on Tue 06/16/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1982.924 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\lxbkcoms.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Users\Richard\AppData\Roaming\mjusbsp\magicJack.exe
C:\Users\Richard\Desktop\444iwxxq.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Richard\Desktop\dds.scr
C:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070730
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070730
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7370F91F-6994-4595-9949-601FA2261C8D} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [cdloader] "c:\users\richard\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-3 130936]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-2-25 13088]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-30 29744]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [2007-12-5 20640]
S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;c:\windows\system32\drivers\usb8023.sys [2006-11-2 14848]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-7-30 129832]

=============== Created Last 30 ================

2009-06-16 09:13 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 09:13 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 09:13 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-16 09:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 09:13 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-11 02:00 2,028,032 a------- c:\windows\system32\win32k.sys
2009-06-11 02:00 696,832 a------- c:\windows\system32\localspl.dll
2009-06-08 12:15 819,200 a------- c:\windows\system32\xvidcore.dll
2009-06-08 12:15 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-06-08 12:15 77,824 a------- c:\windows\system32\xvid.ax
2009-06-08 12:15 <DIR> --d----- c:\program files\Xvid
2009-06-04 11:03 <DIR> --d----- c:\program files\iPod
2009-06-04 11:03 <DIR> --d----- c:\program files\iTunes
2009-06-03 13:42 <DIR> --d----- c:\program files\Trend Micro
2009-06-03 13:40 <DIR> --d-h--- c:\windows\PIF
2009-06-03 01:46 179,704 a---h--- c:\windows\system32\mlfcache.dat
2009-06-03 01:11 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-03 01:11 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-03 01:11 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-03 01:11 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-03 01:11 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-03 01:11 <DIR> --d----- c:\users\richard\appdata\roaming\PC Tools
2009-06-03 01:11 <DIR> --d----- c:\programdata\PC Tools
2009-06-03 01:11 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-03 01:11 <DIR> --d----- c:\progra~2\PC Tools
2009-06-03 01:03 414,480,582 a------- c:\windows\MEMORY.DMP
2009-06-03 00:56 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-03 00:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-03 00:56 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-21 14:02 56,597 a------- c:\programdata\nvModes.dat
2009-05-21 14:02 56,597 a------- c:\progra~2\nvModes.dat
2009-05-21 13:17 <DIR> --d----- C:\NVIDIA
2009-05-21 13:13 <DIR> --d----- c:\program files\SystemRequirementsLab

==================== Find3M ====================

2009-06-04 10:54 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-04 10:54 86,016 a------- c:\windows\inf\infstor.dat
2009-06-04 10:54 51,200 a------- c:\windows\inf\infpub.dat
2009-05-09 03:01 268,800 a------- c:\windows\system32\es.dll
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-08 03:03 174 a--sh--- c:\program files\desktop.ini
2009-05-08 02:45 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-08 01:34 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-08 01:34 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-08 01:34 272,896 a------- c:\windows\system32\polstore.dll
2009-05-08 01:34 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-08 01:30 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-05-08 01:30 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-05-08 01:30 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-08 01:28 39,424 a------- c:\windows\system32\ACCTRES.dll
2009-05-08 01:28 205,824 a------- c:\windows\system32\msoeacct.dll
2009-05-08 01:28 87,040 a------- c:\windows\system32\msoert2.dll
2009-05-08 01:26 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2009-05-08 01:26 356,352 a------- c:\windows\system32\wbem\wbemcomn.dll
2009-05-08 01:26 24,064 a------- c:\windows\system32\wtsapi32.dll
2009-05-08 01:26 258,232 a------- c:\windows\system32\drivers\acpi.sys
2009-05-08 01:26 542,720 a------- c:\windows\system32\sysmain.dll
2009-05-08 01:26 502,784 a------- c:\windows\system32\wlansvc.dll
2009-05-08 01:26 297,984 a------- c:\windows\system32\wlansec.dll
2009-05-08 01:26 290,816 a------- c:\windows\system32\wlanmsm.dll
2009-05-08 01:26 67,584 a------- c:\windows\system32\wlanhlp.dll
2009-05-08 01:26 47,104 a------- c:\windows\system32\wlanapi.dll
2009-05-08 01:24 194,560 a------- c:\windows\system32\WebClnt.dll
2009-05-08 01:24 110,080 a------- c:\windows\system32\drivers\mrxdav.sys
2009-05-08 01:18 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-08 01:14 297,472 a------- c:\windows\system32\gdi32.dll
2009-05-08 01:12 1,060,920 a------- c:\windows\system32\drivers\ntfs.sys
2009-05-08 01:12 41,984 a------- c:\windows\system32\drivers\monitor.sys
2009-05-08 01:10 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-08 01:08 500,736 a------- c:\windows\system32\msdtcprx.dll
2009-05-08 01:08 30,208 a------- c:\windows\system32\xolehlp.dll
2009-05-08 01:02 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-08 01:02 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-08 01:02 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2009-05-08 01:02 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-05-08 01:02 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-08 01:02 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-08 01:02 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-08 01:02 1,687,040 a------- c:\windows\system32\gameux.dll
2009-05-08 00:59 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-08 00:57 1,194,496 a------- c:\windows\system32\msxml3.dll
2009-05-08 00:57 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-08 00:55 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2009-05-08 00:54 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-05-08 00:54 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-05-08 00:54 86,016 a------- c:\windows\system32\icfupgd.dll
2009-05-08 00:54 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
2009-05-08 00:54 16,896 a------- c:\windows\system32\wfapigp.dll
2009-05-08 00:53 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-05-08 00:53 61,952 a------- c:\windows\system32\cmifw.dll
2009-05-08 00:53 23,040 a------- c:\windows\system32\drivers\tunnel.sys
2009-05-08 00:53 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
2009-05-08 00:49 2,048 a------- c:\windows\system32\tzres.dll
2009-05-08 00:45 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-05-08 00:45 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-08 00:45 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-08 00:33 110,136 a------- c:\windows\system32\drivers\ataport.sys
2009-05-08 00:33 45,112 a------- c:\windows\system32\drivers\pciidex.sys
2009-05-08 00:33 21,560 a------- c:\windows\system32\drivers\atapi.sys
2009-05-08 00:33 15,928 a------- c:\windows\system32\drivers\pciide.sys
2009-05-08 00:33 211,000 a------- c:\windows\system32\drivers\volsnap.sys
2009-05-08 00:33 154,624 a------- c:\windows\system32\drivers\nwifi.sys
2009-05-08 00:29 2,923,520 a------- c:\windows\explorer.exe
2009-05-08 00:20 216,632 a------- c:\windows\system32\drivers\netio.sys
2009-05-08 00:20 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-05-08 00:20 24,064 a------- c:\windows\system32\netcfg.exe
2009-05-08 00:20 22,016 a------- c:\windows\system32\netiougc.exe
2009-05-08 00:20 803,328 a------- c:\windows\system32\drivers\tcpip.sys
2009-05-08 00:10 1,585,664 a------- c:\windows\system32\setupapi.dll
2009-05-08 00:08 595,456 a------- c:\windows\system32\schedsvc.dll
2009-05-08 00:08 495,160 a------- c:\windows\system32\drivers\Wdf01000.sys
2009-05-08 00:08 35,384 a------- c:\windows\system32\drivers\WdfLdr.sys
2009-05-08 00:08 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-05-08 00:08 35,328 a------- c:\windows\system32\dispci.dll
2009-05-08 00:08 12,800 a------- c:\windows\system32\batt.dll
2009-05-08 00:08 34,360 a------- c:\windows\system32\drivers\mouclass.sys
2009-05-08 00:08 19,968 a------- c:\windows\system32\drivers\sermouse.sys
2009-05-08 00:08 15,872 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-08 00:08 54,784 a------- c:\windows\system32\drivers\i8042prt.sys
2009-05-08 00:08 35,384 a------- c:\windows\system32\drivers\kbdclass.sys
2009-05-08 00:08 15,872 a------- c:\windows\system32\drivers\kbdhid.sys
2009-05-07 23:42 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-05-07 23:42 2,048 a------- c:\windows\system32\asferror.dll
2009-05-07 23:42 223,232 a------- c:\windows\system32\WMASF.DLL
2009-05-07 23:36 1,233,408 a------- c:\windows\system32\lsasrv.dll
2009-05-07 23:36 72,704 a------- c:\windows\system32\secur32.dll
2009-05-07 23:36 7,680 a------- c:\windows\system32\lsass.exe
2009-05-07 23:35 25,600 a------- c:\windows\system32\amxread.dll
2009-05-07 23:35 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-05-07 23:35 14,848 a------- c:\windows\system32\apilogen.dll
2009-05-07 23:30 223,232 a------- c:\windows\system32\SLC.dll
2009-05-07 23:30 268,288 a------- c:\windows\system32\mcbuilder.exe
2009-05-07 23:30 33,280 a------- c:\windows\system32\slwmi.dll
2009-05-07 23:30:08 A------- 566,784 c:\windows\system32\SLCommDlg.dll
2008-11-19 15:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-19 15:51 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-19 15:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-09-21 14:37 80 a--shr-- c:\windows\system32\8556520F18.dll
2007-07-30 16:21 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:28:07.90 ===============
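
The GMER dump in the post above is the key evidence in this thread: the same service key, gxvxcserv.sys, is registered under every ControlSet, its imagepath and its modules entries resolve through \\?\globalroot, and the driver and both DLLs carry long random-looking names that share the gxvxc prefix with the service (as does the gxvxccount file). The script below is an added example, not code from this thread, from GMER or from ComboFix: it parses lines in GMER's Reg format offline and reports services that show those traits together. The SAMPLE_LOG inside it is a constructed subset of the thread's own gxvxcserv.sys lines plus one benign PCTCore registry line written for contrast (PCTCore.sys is Spyware Doctor's driver from the DDS log; its registry line is made up here). The thresholds (20-character stem, vowel ratio below 0.3, shared prefix of at least 4 characters, two indicators to report) are assumptions chosen for this example, not published detection rules.

```python
r"""Flag TDSS-style rootkit persistence in a GMER registry dump.

Added example for the thread above; not code from the thread, GMER or
ComboFix. It reads GMER's 'Reg HKLM\SYSTEM\ControlSetNNN\Services\...'
lines, groups them per service and reports the traits gxvxcserv.sys shows.
"""
import os
import re
from collections import defaultdict

# Constructed sample: a subset of the gxvxcserv.sys lines from the GMER log
# above, plus one benign PCTCore (Spyware Doctor driver) line written for
# contrast; that registry line is assumed, not copied from the thread.
SAMPLE_LOG = r"""
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcfgnghjhbhfnpicwrpgsucicmxrmobfen.dll
Reg HKLM\SYSTEM\ControlSet005\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxcussofgtkvxsffbygomxfdqeqnvruvpjm.dll
Reg HKLM\SYSTEM\ControlSet006\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
Reg HKLM\SYSTEM\ControlSet006\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcfgnghjhbhfnpicwrpgsucicmxrmobfen.dll
Reg HKLM\SYSTEM\ControlSet005\Services\PCTCore@imagepath \SystemRoot\system32\drivers\PCTCore.sys
"""

# One 'Reg' line: ControlSet, service key, optional subkey, optional @value data.
LINE_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>ControlSet\d{3})\\Services\\(?P<svc>[^\\@\s]+)"
    r"(?:\\(?P<subkey>[^@\s]+))?(?:@(?P<value>\S+)(?:\s+(?P<data>.+))?)?\s*$",
    re.IGNORECASE,
)
VOWELS = set("aeiou")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def looks_generated(filename, min_len=20, max_vowel_ratio=0.3):
    """Heuristic for names like gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys:
    a long, letters-only, all-lowercase stem with very few vowels.
    The thresholds are assumptions tuned to this family, not published values."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) < min_len or not stem.isalpha() or not stem.islower():
        return False
    return sum(c in VOWELS for c in stem) / len(stem) < max_vowel_ratio


def parse_services(log_text):
    """Group registry lines by service key; collect ControlSets and file paths."""
    services = defaultdict(lambda: {"control_sets": set(), "files": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = services[m["svc"].lower()]
        rec["control_sets"].add(m["cs"])
        data = (m["data"] or "").strip()
        if data.lower().endswith((".sys", ".dll")):
            rec["files"].add(data)
    return services


def assess(svc_name, rec):
    """Indicators one service shows, and the name prefix its files share."""
    indicators = set()
    if re.search(r"\.(sys|dll|exe)$", svc_name):
        indicators.add("service key named like a file")
    if any("\\\\?\\globalroot\\" in f.lower() for f in rec["files"]):
        indicators.add("module path under \\\\?\\globalroot")
    names = sorted({basename(f) for f in rec["files"]})
    if any(looks_generated(n) for n in names):
        indicators.add("machine-generated file name")
    lower = [n.lower() for n in names]
    prefix = os.path.commonprefix(lower) if len(lower) > 1 else ""
    if len(prefix) >= 4 and svc_name.startswith(prefix):
        indicators.add("service and modules share prefix %r" % prefix)
    return indicators, prefix


def find_suspicious(log_text, min_indicators=2):
    """Services showing at least min_indicators traits, with their evidence."""
    report = {}
    for svc, rec in parse_services(log_text).items():
        indicators, prefix = assess(svc, rec)
        if len(indicators) >= min_indicators:
            report[svc] = {
                "control_sets": sorted(rec["control_sets"]),
                "files": sorted(rec["files"]),
                "indicators": sorted(indicators),
                "prefix": prefix,
            }
    return report


if __name__ == "__main__":
    for svc, info in find_suspicious(SAMPLE_LOG).items():
        print(svc, "in", ", ".join(info["control_sets"]))
        for ind in info["indicators"]:
            print("  -", ind)
```

Run it as-is to see the report for the sample, or pass a full GMER log to find_suspicious(). Appearing in several ControlSets is normal for any service, so the ControlSet list is reported as context rather than counted as an indicator; what makes the thread's entry stand out is the combination of globalroot module paths, a service key carrying a .sys extension, and the generated names tied together by one prefix.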



#9 Tokek

    Bleepin' Gecko

  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 17 June 2009 - 02:10 AM

Hello prvtdncr36,

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double-click on combofix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new DDS log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


If ComboFix refuses to run, rename combofix.exe to something else and re-run it.

Edited by Tokek, 17 June 2009 - 02:10 AM.

If I have not replied back to your post in 3 days, please send me a PM.

#10 prvtdncr36
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male

Posted 17 June 2009 - 12:36 PM

Here is the ComboFix log

ComboFix 09-06-16.05 - Richard 06/17/2009 13:09.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1982.1315 [GMT -4:00]
Running from: c:\users\Richard\Desktop\1454.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxcqsuxjqsacycmmwxfikivjmaqvtwuplir.sys
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxcfgnghjhbhfnpicwrpgsucicmxrmobfen.dll
c:\windows\system32\gxvxcussofgtkvxsffbygomxfdqeqnvruvpjm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-06-17 17:22 . 2009-06-17 17:22 -------- d-----w- c:\users\Richard\AppData\Local\temp
2009-06-17 17:22 . 2009-06-17 17:22 -------- d-----w- c:\users\Lori\AppData\Local\temp
2009-06-17 16:49 . 2009-06-17 16:50 -------- d-s---w- C:\Wakko
2009-06-16 17:45 . 2009-04-10 13:58 6327408 ---ha-w- c:\users\Richard\AppData\Roaming\mjusbsp\in00000\setup.exe
2009-06-16 17:45 . 2009-04-10 13:55 725296 ---ha-w- c:\users\Richard\AppData\Roaming\mjusbsp\ar00000\install.exe
2009-06-16 13:13 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 13:13 . 2009-06-16 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 13:13 . 2009-06-16 13:13 -------- d-----w- c:\programdata\Malwarebytes
2009-06-16 13:13 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 06:00 . 2009-04-21 12:04 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 06:00 . 2009-04-23 12:56 696832 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 05:59 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-11 05:59 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-11 05:59 . 2009-04-23 13:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-08 16:15 . 2009-06-08 16:15 -------- d-----w- c:\program files\Xvid
2009-06-08 16:15 . 2009-06-07 20:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-08 16:15 . 2009-06-07 20:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-08 15:48 . 2009-04-10 13:58 6327408 ---ha-w- c:\users\Richard\AppData\Roaming\mjusbsp\Upgrade\setup2.exe
2009-06-08 15:48 . 2009-04-10 13:55 725296 ---ha-w- c:\users\Richard\AppData\Roaming\mjusbsp\Upgrade\install2.exe
2009-06-08 15:47 . 2009-06-08 15:47 -------- d-----w- c:\users\Richard\AppData\Local\magicJack
2009-06-04 15:03 . 2009-06-04 15:03 -------- d-----w- c:\program files\iPod
2009-06-04 15:03 . 2009-06-04 15:04 -------- d-----w- c:\program files\iTunes
2009-06-04 14:59 . 2009-06-04 15:00 -------- d-----w- c:\program files\QuickTime
2009-06-04 14:50 . 2009-06-04 14:50 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 17:42 . 2009-06-03 17:42 -------- d-----w- c:\program files\Trend Micro
2009-06-03 17:40 . 2009-06-03 17:40 -------- d--h--w- c:\windows\PIF
2009-06-03 17:18 . 2009-06-03 17:18 -------- d-----w- c:\users\Richard\AppData\Local\Apps
2009-06-03 05:46 . 2009-06-03 05:46 179704 ---ha-w- c:\windows\system32\mlfcache.dat
2009-06-03 05:11 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-03 05:11 . 2009-04-03 15:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-03 05:11 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-03 05:11 . 2009-06-03 05:12 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-03 05:11 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-03 05:11 . 2009-06-17 12:09 -------- d-----w- c:\program files\Spyware Doctor
2009-06-03 05:11 . 2009-06-03 05:11 -------- d-----w- c:\users\Richard\AppData\Roaming\PC Tools
2009-06-03 05:11 . 2009-06-03 05:11 -------- d-----w- c:\programdata\PC Tools
2009-06-03 04:56 . 2009-06-03 05:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-03 04:56 . 2009-06-03 04:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-02 16:51 . 2009-06-02 16:51 -------- d-----w- c:\users\Richard\AppData\Local\Downloaded Installations
2009-06-02 16:32 . 2009-06-02 16:32 -------- d-----w- c:\users\Richard\AppData\Local\MigWiz
2009-05-21 17:17 . 2009-05-21 17:17 -------- d-----w- C:\NVIDIA
2009-05-21 17:13 . 2009-05-21 17:13 -------- d-----w- c:\program files\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 17:46 . 2009-04-10 19:10 -------- d-----w- c:\users\Richard\AppData\Roaming\mjusbsp
2009-06-16 17:02 . 2008-12-03 22:04 -------- d-----w- c:\users\Richard\AppData\Roaming\LimeWire
2009-06-13 21:00 . 2008-04-06 21:05 -------- d-----w- c:\program files\Safari
2009-06-11 07:08 . 2007-07-30 13:05 -------- d-----w- c:\program files\Microsoft Works
2009-06-04 15:03 . 2007-08-21 21:13 -------- d-----w- c:\program files\Common Files\Apple
2009-06-03 17:51 . 2007-09-11 19:57 1356 ----a-w- c:\users\Richard\AppData\Local\d3d9caps.dat
2009-06-03 04:12 . 2008-11-25 18:01 -------- d-----w- c:\users\Richard\AppData\Roaming\McAfee
2009-06-03 04:11 . 2008-11-25 03:38 -------- d-----w- c:\programdata\McAfee
2009-06-03 03:53 . 2007-07-30 12:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 03:53 . 2009-04-27 14:56 -------- d-----w- c:\users\Richard\AppData\Roaming\DataCast
2009-05-22 07:03 . 2007-09-13 00:24 -------- d-----w- c:\programdata\NVIDIA
2009-05-22 07:00 . 2009-05-21 18:02 56597 ----a-w- c:\programdata\nvModes.dat
2009-05-19 15:47 . 2008-09-15 21:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-14 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 07:01 . 2009-05-09 07:01 268800 ----a-w- c:\windows\system32\es.dll
2009-05-08 06:54 . 2008-12-16 05:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-08 06:50 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-05-08 06:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-05-08 06:45 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-08 05:34 . 2009-05-08 05:34 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-05-08 05:34 . 2009-05-08 05:34 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-05-08 05:34 . 2009-05-08 05:34 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-05-08 05:34 . 2009-05-08 05:34 272896 ----a-w- c:\windows\system32\polstore.dll
2009-05-08 05:30 . 2009-05-08 05:30 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-08 05:30 . 2009-05-08 05:30 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-05-08 05:30 . 2009-05-08 05:30 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-05-08 05:28 . 2009-05-08 05:28 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-05-08 05:28 . 2009-05-08 05:28 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-05-08 05:28 . 2009-05-08 05:28 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-05-08 05:27 . 2007-08-31 19:31 -------- d-----w- c:\programdata\Microsoft Help
2009-05-08 05:26 . 2009-05-08 05:26 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-05-08 05:26 . 2009-05-08 05:26 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2009-05-08 05:26 . 2009-05-08 05:26 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2009-05-08 05:26 . 2009-05-08 05:26 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2009-05-08 05:26 . 2009-05-08 05:26 542720 ----a-w- c:\windows\system32\sysmain.dll
2009-05-08 05:26 . 2009-05-08 05:26 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-05-08 05:26 . 2009-05-08 05:26 502784 ----a-w- c:\windows\system32\wlansvc.dll
2009-05-08 05:26 . 2009-05-08 05:26 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-05-08 05:26 . 2009-05-08 05:26 297984 ----a-w- c:\windows\system32\wlansec.dll
2009-05-08 05:26 . 2009-05-08 05:26 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2009-05-08 05:24 . 2009-05-08 05:24 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-05-08 05:24 . 2009-05-08 05:24 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-05-08 05:18 . 2009-05-08 05:18 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-05-08 05:14 . 2009-05-08 05:14 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-05-08 05:12 . 2009-05-08 05:12 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-05-08 05:12 . 2009-05-08 05:12 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2009-05-08 05:10 . 2009-05-08 05:10 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-08 05:08 . 2009-05-08 05:08 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-05-08 05:08 . 2009-05-08 05:08 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-05-08 05:02 . 2009-05-08 05:02 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-05-08 05:02 . 2009-05-08 05:02 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-08 05:02 . 2009-05-08 05:02 1687040 ----a-w- c:\windows\system32\gameux.dll
2009-05-08 04:59 . 2009-05-08 04:59 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-05-08 04:57 . 2009-05-08 04:57 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-05-08 04:57 . 2009-05-08 04:57 1194496 ----a-w- c:\windows\system32\msxml3.dll
2009-05-08 04:55 . 2009-05-08 04:55 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2009-05-08 04:54 . 2009-05-08 04:54 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2009-05-08 04:54 . 2009-05-08 04:54 86016 ----a-w- c:\windows\system32\icfupgd.dll
2009-05-08 04:54 . 2009-05-08 04:54 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2009-05-08 04:54 . 2009-05-08 04:54 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2009-05-08 04:54 . 2009-05-08 04:54 16896 ----a-w- c:\windows\system32\wfapigp.dll
2009-05-08 04:53 . 2009-05-08 04:53 61952 ----a-w- c:\windows\system32\cmifw.dll
2009-05-08 04:53 . 2009-05-08 04:53 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-05-08 04:53 . 2009-05-08 04:53 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
2009-05-08 04:53 . 2009-05-08 04:53 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2009-05-08 04:49 . 2009-05-08 04:49 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-08 04:45 . 2009-05-08 04:45 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-05-08 04:45 . 2009-05-08 04:45 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-05-08 04:45 . 2009-05-08 04:45 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-05-08 04:33 . 2009-05-08 04:33 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2009-05-08 04:33 . 2009-05-08 04:33 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-05-08 04:33 . 2009-05-08 04:33 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2009-05-08 04:33 . 2009-05-08 04:33 110136 ----a-w- c:\windows\system32\drivers\ataport.sys
2009-05-08 04:33 . 2009-05-08 04:33 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2009-05-08 04:33 . 2009-05-08 04:33 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-05-08 04:29 . 2009-05-08 04:29 2923520 ----a-w- c:\windows\explorer.exe
2009-05-08 04:20 . 2009-05-08 04:20 24064 ----a-w- c:\windows\system32\netcfg.exe
2009-05-08 04:20 . 2009-05-08 04:20 216632 ----a-w- c:\windows\system32\drivers\netio.sys
2009-05-08 04:20 . 2009-05-08 04:20 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-05-08 04:20 . 2009-05-08 04:20 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-05-08 04:20 . 2009-05-08 04:20 803328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-05-08 04:10 . 2009-05-08 04:10 1585664 ----a-w- c:\windows\system32\setupapi.dll
2009-05-08 04:08 . 2009-05-08 04:08 595456 ----a-w- c:\windows\system32\schedsvc.dll
2009-05-08 04:08 . 2009-05-08 04:08 495160 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2009-05-08 04:08 . 2009-05-08 04:08 35384 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2009-05-08 04:08 . 2009-05-08 04:08 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-05-08 04:08 . 2009-05-08 04:08 35328 ----a-w- c:\windows\system32\dispci.dll
2009-05-08 04:08 . 2009-05-08 04:08 12800 ----a-w- c:\windows\system32\batt.dll
2009-05-08 04:08 . 2009-05-08 04:08 34360 ----a-w- c:\windows\system32\drivers\mouclass.sys
2009-05-08 04:08 . 2009-05-08 04:08 19968 ----a-w- c:\windows\system32\drivers\sermouse.sys
2009-05-08 04:08 . 2009-05-08 04:08 15872 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-08 04:08 . 2009-05-08 04:08 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2009-05-08 04:08 . 2009-05-08 04:08 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2009-05-08 04:08 . 2009-05-08 04:08 15872 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-05-08 03:42 . 2009-05-08 03:42 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2009-05-08 03:42 . 2009-05-08 03:42 2048 ----a-w- c:\windows\system32\asferror.dll
2009-05-08 03:42 . 2009-05-08 03:42 223232 ----a-w- c:\windows\system32\WMASF.DLL
2009-05-08 03:36 . 2009-05-08 03:36 7680 ----a-w- c:\windows\system32\lsass.exe
2009-05-08 03:36 . 2009-05-08 03:36 72704 ----a-w- c:\windows\system32\secur32.dll
2009-05-08 03:36 . 2009-05-08 03:36 1233408 ----a-w- c:\windows\system32\lsasrv.dll
2007-09-21 18:37 . 2007-09-21 18:36 80 --sha-r- c:\windows\System32\8556520F18.dll
2007-07-30 20:21 . 2007-07-30 20:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-01 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"cdloader"="c:\users\Richard\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2008-07-08 99608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 92704]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-30 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"e7379556-8fe7-4637-88a3-1c46b69dcd42"= UDP:13741:Limewire 1
"1157b977-9119-468e-be3f-e579fe4a992b"= TCP:13741:Limewire 2
"b01cf328-0fa9-4eb6-9c9f-edc8cedcbbba"= %ProgramFiles%\LimeWire\LimeWire.exe:Limewire
"2330fc17-9bc5-4249-a333-5dc4a36f4e45"= UDP:6346:Limewire 3
"7110e3f6-bf22-403d-9eaf-173b96b3c4d5"= TCP:6346:Limewire 4
"{4C0E6633-F21D-4ECF-9EEE-B615F3DEE0BB}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CD5AF404-BEDE-4AE4-AB9A-88CB33BC883D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{5A6ED9BB-278A-4CBC-89BE-94355CE84BBD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B7D3D8C2-8933-463F-9D3F-51E21F5F5AB9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BA8F907A-B74C-43D7-A02F-3C9ED589299F}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{E6DB6904-AFB9-475A-AB97-425CCBA124C9}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{0AB2F390-3A9E-4224-8205-8DC176830DB2}"= UDP:c:\program files\8BallClub\GameDirector.exe:8BallClub Game
"{CE19ABF4-4D6A-4FE4-9105-AFFF0DD8AC2F}"= TCP:c:\program files\8BallClub\GameDirector.exe:8BallClub Game
"{B517CA32-A4C9-4B56-A713-5B493D8E26A9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A354F584-7FBF-45D4-8CBF-75B682CF3674}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [6/3/2009 1:11 AM 130936]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2/25/2009 6:06 PM 13088]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/3/2009 1:11 AM 348752]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/30/2007 9:11 AM 29744]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 4:47 PM 20640]
S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;c:\windows\System32\drivers\usb8023.sys [11/2/2006 4:57 AM 14848]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-01-26 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-25 18:32]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-25 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 13:22
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-17 13:25
ComboFix-quarantined-files.txt 2009-06-17 17:25

Pre-Run: 96,309,596,160 bytes free
Post-Run: 97,024,819,200 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,3,4,5,6,7
374 --- E O F --- 2009-06-11 07:12

Here is the new DDS log

DDS (Ver_09-05-14.01) - NTFSx86
Run by Richard at 13:31:58.38 on Wed 06/17/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1982.1080 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\lxbkcoms.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Safari\Safari.exe
C:\Users\Richard\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [cdloader] "c:\users\richard\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-3 130936]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [2007-12-5 20640]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-7-30 129832]

=============== Created Last 30 ================

2009-06-17 13:25 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-17 12:57 161,792 a------- c:\windows\SWREG.exe
2009-06-17 12:57 155,136 a------- c:\windows\PEV.exe
2009-06-17 12:57 98,816 a------- c:\windows\sed.exe
2009-06-17 12:57 <DIR> --ds---- C:\1454
2009-06-17 12:49 <DIR> --ds---- C:\Wakko
2009-06-16 09:13 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 09:13 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 09:13 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-16 09:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 09:13 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-11 02:00 2,028,032 a------- c:\windows\system32\win32k.sys
2009-06-11 02:00 696,832 a------- c:\windows\system32\localspl.dll
2009-06-08 12:15 819,200 a------- c:\windows\system32\xvidcore.dll
2009-06-08 12:15 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-06-08 12:15 77,824 a------- c:\windows\system32\xvid.ax
2009-06-08 12:15 <DIR> --d----- c:\program files\Xvid
2009-06-04 11:03 <DIR> --d----- c:\program files\iPod
2009-06-04 11:03 <DIR> --d----- c:\program files\iTunes
2009-06-03 13:42 <DIR> --d----- c:\program files\Trend Micro
2009-06-03 13:40 <DIR> --d-h--- c:\windows\PIF
2009-06-03 01:46 179,704 a---h--- c:\windows\system32\mlfcache.dat
2009-06-03 01:11 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-03 01:11 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-03 01:11 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-03 01:11 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-03 01:11 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-03 01:11 <DIR> --d----- c:\users\richard\appdata\roaming\PC Tools
2009-06-03 01:11 <DIR> --d----- c:\programdata\PC Tools
2009-06-03 01:11 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-03 01:11 <DIR> --d----- c:\progra~2\PC Tools
2009-06-03 01:03 414,480,582 a------- c:\windows\MEMORY.DMP
2009-06-03 00:56 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-03 00:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-03 00:56 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-21 14:02 56,597 a------- c:\programdata\nvModes.dat
2009-05-21 14:02 56,597 a------- c:\progra~2\nvModes.dat
2009-05-21 13:17 <DIR> --d----- C:\NVIDIA
2009-05-21 13:13 <DIR> --d----- c:\program files\SystemRequirementsLab

==================== Find3M ====================

2009-06-04 10:54 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-04 10:54 86,016 a------- c:\windows\inf\infstor.dat
2009-06-04 10:54 51,200 a------- c:\windows\inf\infpub.dat
2009-05-09 03:01 268,800 a------- c:\windows\system32\es.dll
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-08 03:03 174 a--sh--- c:\program files\desktop.ini
2009-05-08 02:45 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-08 01:34 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-08 01:34 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-08 01:34 272,896 a------- c:\windows\system32\polstore.dll
2009-05-08 01:34 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-08 01:30 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-05-08 01:30 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-05-08 01:30 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-08 01:28 39,424 a------- c:\windows\system32\ACCTRES.dll
2009-05-08 01:28 205,824 a------- c:\windows\system32\msoeacct.dll
2009-05-08 01:28 87,040 a------- c:\windows\system32\msoert2.dll
2009-05-08 01:26 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2009-05-08 01:26 356,352 a------- c:\windows\system32\wbem\wbemcomn.dll
2009-05-08 01:26 24,064 a------- c:\windows\system32\wtsapi32.dll
2009-05-08 01:26 258,232 a------- c:\windows\system32\drivers\acpi.sys
2009-05-08 01:26 542,720 a------- c:\windows\system32\sysmain.dll
2009-05-08 01:26 502,784 a------- c:\windows\system32\wlansvc.dll
2009-05-08 01:26 297,984 a------- c:\windows\system32\wlansec.dll
2009-05-08 01:26 290,816 a------- c:\windows\system32\wlanmsm.dll
2009-05-08 01:26 67,584 a------- c:\windows\system32\wlanhlp.dll
2009-05-08 01:26 47,104 a------- c:\windows\system32\wlanapi.dll
2009-05-08 01:24 194,560 a------- c:\windows\system32\WebClnt.dll
2009-05-08 01:24 110,080 a------- c:\windows\system32\drivers\mrxdav.sys
2009-05-08 01:18 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-08 01:14 297,472 a------- c:\windows\system32\gdi32.dll
2009-05-08 01:12 1,060,920 a------- c:\windows\system32\drivers\ntfs.sys
2009-05-08 01:12 41,984 a------- c:\windows\system32\drivers\monitor.sys
2009-05-08 01:10 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-08 01:08 500,736 a------- c:\windows\system32\msdtcprx.dll
2009-05-08 01:08 30,208 a------- c:\windows\system32\xolehlp.dll
2009-05-08 01:02 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-08 01:02 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-08 01:02 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2009-05-08 01:02 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-05-08 01:02 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-08 01:02 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-08 01:02 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-08 01:02 1,687,040 a------- c:\windows\system32\gameux.dll
2009-05-08 00:59 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-08 00:57 1,194,496 a------- c:\windows\system32\msxml3.dll
2009-05-08 00:57 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-08 00:55 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2009-05-08 00:54 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-05-08 00:54 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-05-08 00:54 86,016 a------- c:\windows\system32\icfupgd.dll
2009-05-08 00:54 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
2009-05-08 00:54 16,896 a------- c:\windows\system32\wfapigp.dll
2009-05-08 00:53 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-05-08 00:53 61,952 a------- c:\windows\system32\cmifw.dll
2009-05-08 00:53 23,040 a------- c:\windows\system32\drivers\tunnel.sys
2009-05-08 00:53 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
2009-05-08 00:49 2,048 a------- c:\windows\system32\tzres.dll
2009-05-08 00:45 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-05-08 00:45 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-08 00:45 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-08 00:33 110,136 a------- c:\windows\system32\drivers\ataport.sys
2009-05-08 00:33 45,112 a------- c:\windows\system32\drivers\pciidex.sys
2009-05-08 00:33 21,560 a------- c:\windows\system32\drivers\atapi.sys
2009-05-08 00:33 15,928 a------- c:\windows\system32\drivers\pciide.sys
2009-05-08 00:33 211,000 a------- c:\windows\system32\drivers\volsnap.sys
2009-05-08 00:33 154,624 a------- c:\windows\system32\drivers\nwifi.sys
2009-05-08 00:29 2,923,520 a------- c:\windows\explorer.exe
2009-05-08 00:20 216,632 a------- c:\windows\system32\drivers\netio.sys
2009-05-08 00:20 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-05-08 00:20 24,064 a------- c:\windows\system32\netcfg.exe
2009-05-08 00:20 22,016 a------- c:\windows\system32\netiougc.exe
2009-05-08 00:20 803,328 a------- c:\windows\system32\drivers\tcpip.sys
2009-05-08 00:10 1,585,664 a------- c:\windows\system32\setupapi.dll
2009-05-08 00:08 595,456 a------- c:\windows\system32\schedsvc.dll
2009-05-08 00:08 495,160 a------- c:\windows\system32\drivers\Wdf01000.sys
2009-05-08 00:08 35,384 a------- c:\windows\system32\drivers\WdfLdr.sys
2009-05-08 00:08 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-05-08 00:08 35,328 a------- c:\windows\system32\dispci.dll
2009-05-08 00:08 12,800 a------- c:\windows\system32\batt.dll
2009-05-08 00:08 34,360 a------- c:\windows\system32\drivers\mouclass.sys
2009-05-08 00:08 19,968 a------- c:\windows\system32\drivers\sermouse.sys
2009-05-08 00:08 15,872 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-08 00:08 54,784 a------- c:\windows\system32\drivers\i8042prt.sys
2009-05-08 00:08 35,384 a------- c:\windows\system32\drivers\kbdclass.sys
2009-05-08 00:08 15,872 a------- c:\windows\system32\drivers\kbdhid.sys
2009-05-07 23:42 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-05-07 23:42 2,048 a------- c:\windows\system32\asferror.dll
2009-05-07 23:42 223,232 a------- c:\windows\system32\WMASF.DLL
2009-05-07 23:36 1,233,408 a------- c:\windows\system32\lsasrv.dll
2009-05-07 23:36 72,704 a------- c:\windows\system32\secur32.dll
2009-05-07 23:36 7,680 a------- c:\windows\system32\lsass.exe
2009-05-07 23:35 25,600 a------- c:\windows\system32\amxread.dll
2009-05-07 23:35 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-05-07 23:35 14,848 a------- c:\windows\system32\apilogen.dll
2009-05-07 23:30 223,232 a------- c:\windows\system32\SLC.dll
2009-05-07 23:30 268,288 a------- c:\windows\system32\mcbuilder.exe
2009-05-07 23:30 33,280 a------- c:\windows\system32\slwmi.dll
2009-05-07 23:30:08 A------- 566,784 c:\windows\system32\SLCommDlg.dll
2008-11-19 15:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-19 15:51 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-19 15:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-09-21 14:37 80 a--shr-- c:\windows\system32\8556520F18.dll
2007-07-30 16:21 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:33:43.22 ===============


#11 Tokek


Posted 17 June 2009 - 02:12 PM

Hello prvtdncr36,

Go ahead and try installing and running MBAM again.

Please post the MBAM log, a new DDS log and description of any remaining problems.
If I have not replied back to your post in 3 days, please send me a PM.


#12 prvtdncr36


Posted 17 June 2009 - 05:05 PM

Here is the MBAM log

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 6.0.6000

6/17/2009 5:58:44 PM
mbam-log-2009-06-17 (17-58-33).txt

Scan type: Quick Scan
Objects scanned: 79641
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{bb05bd70-4605-4829-93fc-ad80d8cc5b66} (Rogue.PerformanceCenter) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Adware.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Adware.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Adware.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\Windows\System32\SysRestore.dll (Adware.Ascentive) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\SysRestore.dll (Adware.Ascentive) -> No action taken.




Here is the new DDS log


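An added example, not part of this thread or of Malwarebytes' own tooling: a small Python parser for the MBAM 1.x log format posted above. It pulls out every detection with its classification and action, cross-checks the summary counts against the listed items, and flags entries still marked "No action taken", which is exactly the condition that calls for re-running the scan with cleaning enabled. The embedded sample log is a constructed excerpt of entries from the logs in this thread, with the summary counts adjusted to match the excerpt.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: an excerpt of the MBAM 1.37 logs posted in this thread,
# with summary counts adjusted so they agree with the entries kept here.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 6.0.6000

6/17/2009 5:58:44 PM
mbam-log-2009-06-17 (17-58-33).txt

Scan type: Quick Scan
Objects scanned: 79641
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{bb05bd70-4605-4829-93fc-ad80d8cc5b66} (Rogue.PerformanceCenter) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\Windows\System32\SysRestore.dll (Adware.Ascentive) -> No action taken.

Files Infected:
c:\Windows\System32\SysRestore.dll (Adware.Ascentive) -> No action taken.
c:\program files\ascentive\pc speedscan pro\PCSpeedScan.exe (Rogue.PCSpeedScan) -> Quarantined and deleted successfully.
"""

# "Registry Keys Infected: 5" is a summary line; "Registry Keys Infected:" opens a section.
SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# "<item> (<family>) -> <action>."  The item may itself contain parentheses,
# so the family group excludes them and the lazy item backtracks as needed.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    section: str
    item: str
    family: str
    action: str

    @property
    def remediated(self) -> bool:
        # MBAM 1.x marks cleaned items "Quarantined and deleted successfully"
        # or "Delete on reboot"; anything else (notably "No action taken") is pending.
        return self.action.startswith(("Quarantined", "Delete on reboot"))


@dataclass
class MbamReport:
    header: Dict[str, str]
    summary: Dict[str, int]
    detections: List[Detection]

    def unremediated(self) -> List[Detection]:
        return [d for d in self.detections if not d.remediated]

    def summary_matches(self) -> bool:
        """Cross-check the summary counts against the items actually listed."""
        per_section: Dict[str, int] = {}
        for d in self.detections:
            per_section[d.section] = per_section.get(d.section, 0) + 1
        return all(per_section.get(name, 0) == n for name, n in self.summary.items())


def parse_mbam_log(text: str) -> MbamReport:
    header: Dict[str, str] = {}
    summary: Dict[str, int] = {}
    detections: List[Detection] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("name")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None:
            # Header block: "Key: value" lines before the first section.
            if ": " in line:
                key, _, value = line.partition(": ")
                header[key] = value
            continue
        if line.startswith("(No malicious items detected)"):
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(section, m.group("item"), m.group("family"), m.group("action")))
    return MbamReport(header, summary, detections)


def triage(text: str) -> Dict[str, object]:
    """Summarise a log the way a helper reading the thread would: is a cleaning re-run needed?"""
    report = parse_mbam_log(text)
    pending = report.unremediated()
    return {
        "database_version": report.header.get("Database version"),
        "detections": len(report.detections),
        "pending": len(pending),
        "families": sorted({d.family for d in pending}),
        "counts_consistent": report.summary_matches(),
        "needs_rerun": bool(pending),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
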

#13 Tokek


Posted 17 June 2009 - 05:39 PM

Please re-run MBAM and have it clean the infected items.

Post reply with a new MBAM log and a new DDS log.

Edited by Tokek, 17 June 2009 - 06:51 PM.

If I have not replied back to your post in 3 days, please send me a PM.


#14 prvtdncr36


Posted 18 June 2009 - 02:02 PM

Here is the new MBAM log

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 6.0.6000

6/18/2009 2:48:30 PM
mbam-log-2009-06-18 (14-48-30).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 199912
Time elapsed: 1 hour(s), 34 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\ascentive\pc speedscan pro\PCSpeedScan.exe (Rogue.PCSpeedScan) -> Quarantined and deleted successfully.
c:\program files\ascentive\pc speedscan pro\SSRes.dll (Rogue.SpywareStop) -> Quarantined and deleted successfully.
c:\program files\ascentive\performance center\APCLang.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
c:\program files\ascentive\performance center\ApcMain.exe (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.


I removed the 4 infected files and ran the DDS program. Here is that log.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Richard at 14:57:56.51 on Thu 06/18/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1982.1185 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\lxbkcoms.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Users\Richard\AppData\Roaming\mjusbsp\st00000\mjsetup.exe
C:\Users\Richard\AppData\Roaming\mjusbsp\magicJack.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Users\Richard\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [cdloader] "c:\users\richard\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - hxxp://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-3 130936]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-2-25 13088]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-3 348752]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-30 29744]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [2007-12-5 20640]
S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;c:\windows\system32\drivers\usb8023.sys [2006-11-2 14848]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-7-30 129832]

=============== Created Last 30 ================

2009-06-17 15:37 <DIR> --d----- c:\users\richard\appdata\roaming\Malwarebytes
2009-06-17 13:25 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-17 12:57 161,792 a------- c:\windows\SWREG.exe
2009-06-17 12:57 98,816 a------- c:\windows\sed.exe
2009-06-17 12:57 <DIR> --ds---- C:\1454
2009-06-17 12:49 <DIR> --ds---- C:\Wakko
2009-06-16 09:13 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 09:13 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 09:13 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-16 09:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 09:13 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-11 02:00 2,028,032 a------- c:\windows\system32\win32k.sys
2009-06-11 02:00 696,832 a------- c:\windows\system32\localspl.dll
2009-06-08 12:15 819,200 a------- c:\windows\system32\xvidcore.dll
2009-06-08 12:15 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-06-08 12:15 77,824 a------- c:\windows\system32\xvid.ax
2009-06-08 12:15 <DIR> --d----- c:\program files\Xvid
2009-06-04 11:03 <DIR> --d----- c:\program files\iPod
2009-06-04 11:03 <DIR> --d----- c:\program files\iTunes
2009-06-03 13:42 <DIR> --d----- c:\program files\Trend Micro
2009-06-03 13:40 <DIR> --d-h--- c:\windows\PIF
2009-06-03 01:46 179,704 a---h--- c:\windows\system32\mlfcache.dat
2009-06-03 01:11 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-03 01:11 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-03 01:11 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-03 01:11 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-03 01:11 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-03 01:11 <DIR> --d----- c:\users\richard\appdata\roaming\PC Tools
2009-06-03 01:11 <DIR> --d----- c:\programdata\PC Tools
2009-06-03 01:11 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-03 01:11 <DIR> --d----- c:\progra~2\PC Tools
2009-06-03 01:03 414,480,582 a------- c:\windows\MEMORY.DMP
2009-06-03 00:56 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-03 00:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-03 00:56 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-21 14:02 56,597 a------- c:\programdata\nvModes.dat
2009-05-21 14:02 56,597 a------- c:\progra~2\nvModes.dat
2009-05-21 13:17 <DIR> --d----- C:\NVIDIA
2009-05-21 13:13 <DIR> --d----- c:\program files\SystemRequirementsLab

==================== Find3M ====================

2009-06-04 10:54 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-04 10:54 86,016 a------- c:\windows\inf\infstor.dat
2009-06-04 10:54 51,200 a------- c:\windows\inf\infpub.dat
2009-05-09 03:01 268,800 a------- c:\windows\system32\es.dll
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-08 03:03 174 a--sh--- c:\program files\desktop.ini
2009-05-08 02:45 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-08 01:34 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-05-08 01:34 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-05-08 01:34 272,896 a------- c:\windows\system32\polstore.dll
2009-05-08 01:34 61,440 a------- c:\windows\system32\winipsec.dll
2009-05-08 01:30 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-05-08 01:30 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-05-08 01:30 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-08 01:28 39,424 a------- c:\windows\system32\ACCTRES.dll
2009-05-08 01:28 205,824 a------- c:\windows\system32\msoeacct.dll
2009-05-08 01:28 87,040 a------- c:\windows\system32\msoert2.dll
2009-05-08 01:26 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2009-05-08 01:26 356,352 a------- c:\windows\system32\wbem\wbemcomn.dll
2009-05-08 01:26 24,064 a------- c:\windows\system32\wtsapi32.dll
2009-05-08 01:26 258,232 a------- c:\windows\system32\drivers\acpi.sys
2009-05-08 01:26 542,720 a------- c:\windows\system32\sysmain.dll
2009-05-08 01:26 502,784 a------- c:\windows\system32\wlansvc.dll
2009-05-08 01:26 297,984 a------- c:\windows\system32\wlansec.dll
2009-05-08 01:26 290,816 a------- c:\windows\system32\wlanmsm.dll
2009-05-08 01:26 67,584 a------- c:\windows\system32\wlanhlp.dll
2009-05-08 01:26 47,104 a------- c:\windows\system32\wlanapi.dll
2009-05-08 01:24 194,560 a------- c:\windows\system32\WebClnt.dll
2009-05-08 01:24 110,080 a------- c:\windows\system32\drivers\mrxdav.sys
2009-05-08 01:18 376,832 a------- c:\windows\system32\winhttp.dll
2009-05-08 01:14 297,472 a------- c:\windows\system32\gdi32.dll
2009-05-08 01:12 1,060,920 a------- c:\windows\system32\drivers\ntfs.sys
2009-05-08 01:12 41,984 a------- c:\windows\system32\drivers\monitor.sys
2009-05-08 01:10 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-08 01:08 500,736 a------- c:\windows\system32\msdtcprx.dll
2009-05-08 01:08 30,208 a------- c:\windows\system32\xolehlp.dll
2009-05-08 01:02 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-05-08 01:02 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-05-08 01:02 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2009-05-08 01:02 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-05-08 01:02 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2009-05-08 01:02 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-05-08 01:02 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-08 01:02 1,687,040 a------- c:\windows\system32\gameux.dll
2009-05-08 00:59 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-05-08 00:57 1,194,496 a------- c:\windows\system32\msxml3.dll
2009-05-08 00:57 2,048 a------- c:\windows\system32\msxml3r.dll
2009-05-08 00:55 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2009-05-08 00:54 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-05-08 00:54 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-05-08 00:54 86,016 a------- c:\windows\system32\icfupgd.dll
2009-05-08 00:54 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
2009-05-08 00:54 16,896 a------- c:\windows\system32\wfapigp.dll
2009-05-08 00:53 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-05-08 00:53 61,952 a------- c:\windows\system32\cmifw.dll
2009-05-08 00:53 23,040 a------- c:\windows\system32\drivers\tunnel.sys
2009-05-08 00:53 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
2009-05-08 00:49 2,048 a------- c:\windows\system32\tzres.dll
2009-05-08 00:45 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-05-08 00:45 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-08 00:45 4,096 a------- c:\windows\system32\dxmasf.dll
2009-05-08 00:33 110,136 a------- c:\windows\system32\drivers\ataport.sys
2009-05-08 00:33 45,112 a------- c:\windows\system32\drivers\pciidex.sys
2009-05-08 00:33 21,560 a------- c:\windows\system32\drivers\atapi.sys
2009-05-08 00:33 15,928 a------- c:\windows\system32\drivers\pciide.sys
2009-05-08 00:33 211,000 a------- c:\windows\system32\drivers\volsnap.sys
2009-05-08 00:33 154,624 a------- c:\windows\system32\drivers\nwifi.sys
2009-05-08 00:29 2,923,520 a------- c:\windows\explorer.exe
2009-05-08 00:20 216,632 a------- c:\windows\system32\drivers\netio.sys
2009-05-08 00:20 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-05-08 00:20 24,064 a------- c:\windows\system32\netcfg.exe
2009-05-08 00:20 22,016 a------- c:\windows\system32\netiougc.exe
2009-05-08 00:20 803,328 a------- c:\windows\system32\drivers\tcpip.sys
2009-05-08 00:10 1,585,664 a------- c:\windows\system32\setupapi.dll
2009-05-08 00:08 595,456 a------- c:\windows\system32\schedsvc.dll
2009-05-08 00:08 495,160 a------- c:\windows\system32\drivers\Wdf01000.sys
2009-05-08 00:08 35,384 a------- c:\windows\system32\drivers\WdfLdr.sys
2009-05-08 00:08 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-05-08 00:08 35,328 a------- c:\windows\system32\dispci.dll
2009-05-08 00:08 12,800 a------- c:\windows\system32\batt.dll
2009-05-08 00:08 34,360 a------- c:\windows\system32\drivers\mouclass.sys
2009-05-08 00:08 19,968 a------- c:\windows\system32\drivers\sermouse.sys
2009-05-08 00:08 15,872 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-08 00:08 54,784 a------- c:\windows\system32\drivers\i8042prt.sys
2009-05-08 00:08 35,384 a------- c:\windows\system32\drivers\kbdclass.sys
2009-05-08 00:08 15,872 a------- c:\windows\system32\drivers\kbdhid.sys
2009-05-07 23:42 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-05-07 23:42 2,048 a------- c:\windows\system32\asferror.dll
2009-05-07 23:42 223,232 a------- c:\windows\system32\WMASF.DLL
2009-05-07 23:36 1,233,408 a------- c:\windows\system32\lsasrv.dll
2009-05-07 23:36 72,704 a------- c:\windows\system32\secur32.dll
2009-05-07 23:36 7,680 a------- c:\windows\system32\lsass.exe
2009-05-07 23:35 25,600 a------- c:\windows\system32\amxread.dll
2009-05-07 23:35 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-05-07 23:35 14,848 a------- c:\windows\system32\apilogen.dll
2009-05-07 23:30 223,232 a------- c:\windows\system32\SLC.dll
2009-05-07 23:30 268,288 a------- c:\windows\system32\mcbuilder.exe
2009-05-07 23:30 33,280 a------- c:\windows\system32\slwmi.dll
2009-05-07 23:30:08 A------- 566,784 c:\windows\system32\SLCommDlg.dll
2008-11-19 15:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-19 15:51 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-19 15:51 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-09-21 14:37 80 a--shr-- c:\windows\system32\8556520F18.dll
2007-07-30 16:21 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:00:19.15 ===============


#15 Tokek


Posted 19 June 2009 - 10:51 AM

Hello prvtdncr36,

1.

Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • PC Speedscan Pro
  • Performance Center
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

Use Windows Explorer to find and delete these folders:

c:\program files\ascentive\

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop, or press the Windows key + E.
Double click on Local Disk (C:\)
Double click on the Windows folder.
Right click on badfile.dll and then from the menu that appears, click on Delete



2.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please post a new DDS log and the ESET online scanner log in your next reply.
If I have not replied back to your post in 3 days, please send me a PM.
