
Spyware, Malware, Host redirection



#1 san_scorpio9


Posted 13 July 2009 - 02:05 PM

Hello there,

I scanned with McAfee but nothing showed up in the scan results, but I'm sure there is something hidden which can't be found with the antivirus. So, I tried scanning with DDS, GMER and ComboFix. I'm attaching the scan results here. Please go through them and help me as soon as you can. I know you guys are very busy with the requests, but please, please go through my scan reports and help me out.

Thanks in advance
Sandy.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Sandy at 23:18:29.59 on Sun 07/12/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2939.2259 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\HP\HP Quality Center Starter Edition\QCStarter\JBoss\bin\QCJavaService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Sandy\Desktop\dds (1).scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {cb102763-7a8e-41f1-81b2-e47f3145b19d} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat\AcroIEFavClient.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\sandy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
uRun: [RegGenie v2.0 - Trial Expired] "c:\program files\reggenie\RegGenieOnRebootExpired.exe"
uRun: [RegGenie v2.0] "c:\program files\reggenie\RegGenieOnReboot.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\distillr\Acrotray.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [jazowohoyu] Rundll32.exe "c:\windows\system32\zatewada.dll",s
mRun: [CPM078fb79e] Rundll32.exe "c:\windows\system32\gagavosu.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: gmail.com\www
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238929790593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {AF7AE598-E5F3-48B7-833D-F98904FCDB17} = 202.88.174.6,202.88.174.8
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\windows\system32\vevinaho.dll c:\windows\system32\ c:\windows\system32\gagavosu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gagavosu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\gagavosu.dll
LSA: Notification Packages = scecli c:\windows\system32\vevinaho.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-2 201320]
R2 HP Quality Center;HP Quality Center;c:\program files\hp\hp quality center starter edition\qcstarter\jboss\bin\QCJavaService.exe [2009-1-5 65536]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-7-2 359248]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2009-7-2 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-30 24652]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-2 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-2 35240]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-4-5 9344]
S2 0170681246563817mcinstcleanup;McAfee Application Installer Cleanup (0170681246563817);c:\docume~1\sandy\locals~1\temp\017068~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\sandy\locals~1\temp\017068~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-4-5 104000]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\nbservice.exe --> c:\program files\common files\nero\nero backitup 4\NBService.exe [?]
S3 {0FD20725-6409-45A8-A508346993949143};{0FD20725-6409-45A8-A508346993949143};c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 {DCBD78C6-C486-4275-B1F373C89DB0CBCC};{DCBD78C6-C486-4275-B1F373C89DB0CBCC};\??\c:\windows\temp\d.tmp --> c:\windows\temp\D.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-4-6 13224]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-2 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-2 40488]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-7-2 695624]

=============== Created Last 30 ================

2009-07-12 19:39 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-07-12 19:38 <DIR> --d----- c:\windows\ShellNew
2009-07-12 17:19 11,168 a---h--- c:\windows\system32\tuviyaji
2009-07-12 16:11 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-12 16:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-12 13:48 620 a------- c:\windows\RegGenie.ini
2009-07-12 13:27 161,816 a------- c:\windows\RegGenieOnUninstall.exe
2009-07-12 13:27 <DIR> --d----- c:\program files\RegGenie
2009-07-03 11:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-02 18:37 211 a------- c:\windows\wininit.ini
2009-07-02 15:47 12,639 a------- c:\windows\system32\Config.MPF
2009-07-02 15:47 143,360 a------- c:\windows\system32\dunzip32.dll
2009-07-02 15:43 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-07-02 15:43 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-07-02 15:43 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-07-02 15:43 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-07-02 15:43 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-07-02 15:43 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-07-02 15:43 <DIR> --d----- c:\program files\McAfee.com
2009-07-02 15:43 <DIR> --d----- c:\program files\common files\McAfee
2009-07-02 15:25 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-02 06:05 50,176 ac------ c:\windows\system32\dllcache\proquota.exe
2009-07-02 06:05 50,176 a------- c:\windows\system32\proquota.exe
2009-07-02 06:05 39,424 ac------ c:\windows\system32\dllcache\grpconv.exe
2009-07-02 06:05 39,424 a------- c:\windows\system32\grpconv.exe
2009-07-02 06:03 212,992 a------- c:\windows\PEV.exe
2009-07-02 06:03 161,792 a------- c:\windows\SWREG.exe
2009-07-02 06:03 98,816 a------- c:\windows\sed.exe
2009-07-02 00:25 <DIR> --d----- c:\program files\Microsoft Virtual PC
2009-06-30 18:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-06-30 18:12 <DIR> --d----- c:\program files\Viewpoint
2009-06-30 18:11 <DIR> --d----- c:\program files\common files\AOL
2009-06-30 18:11 459 a---h--- C:\IPH.PH
2009-06-18 02:20 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-18 02:20 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-16 01:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\99782496
2009-06-14 22:00 29 a------- c:\windows\Irremote.ini
2009-06-14 21:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero

==================== Find3M ====================

2009-07-12 17:19 83,968 a--sh--- c:\windows\system32\gagavosu.dll
2009-05-27 18:28 60,744 a------- c:\documents and settings\sandy\g2mdlhlpx.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-04 15:03 59,904 a------- c:\windows\system32\zlib1.dll
2009-05-04 14:53 286,720 a------- c:\windows\system32\libcurl.dll
2009-05-04 14:53 196,608 a------- c:\windows\system32\ssleay32.dll
2009-05-04 14:53 143,360 a------- c:\windows\system32\libexpatw.dll
2009-04-29 00:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 23:19:03.73 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/5/2009 5:02:20 AM
System Uptime: 7/12/2009 7:07:31 PM (4 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Intel® Pentium® Dual CPU T3200 @ 2.00GHz | N/A | 1994/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 40 GiB total, 17.828 GiB free.
D: is FIXED (NTFS) - 90 GiB total, 42.976 GiB free.
E: is FIXED (NTFS) - 90 GiB total, 2.719 GiB free.
H: is CDROM ()
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Virtual Machine Network Services Driver
Device ID: ROOT\CNTX_VPCNETS2_MP\0001
Manufacturer: Microsoft
Name: Virtual Machine Network Services Driver #2
PNP Device ID: ROOT\CNTX_VPCNETS2_MP\0001
Service: VPCNetS2

==== System Restore Points ===================

RP9: 7/12/2009 1:43:02 AM - System Checkpoint
RP10: 7/12/2009 1:32:44 PM - RegGenie Safe Scan Backup
RP11: 7/12/2009 2:11:25 PM - RegGenie Safe Scan Backup
RP12: 7/12/2009 3:59:18 PM - Removed BusinessObjects Enterprise XI Release 2
RP13: 7/12/2009 7:06:44 PM - RegGenie Safe Scan Backup
RP14: 7/12/2009 7:33:42 PM - Removed Microsoft Office Professional Edition 2003
RP15: 7/12/2009 7:38:22 PM - Installed Microsoft Office XP Professional with FrontPage

==== Installed Programs ======================

Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.0.8 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Software Update
Atheros for Acer Driver v7.6.1.184_Foxconn Installation Program
BitTorrent
BlackBerry Desktop Software 4.2
BusinessObjects Enterprise XI Release 2 Live Office Connector
BusinessObjects XI R2 Monthly Hot Fix 1
Critical Update for Windows Media Player 11 (KB959772)
Crystal Xcelsius Designer 4.5
CrystalXcelsius.WebParts.Container
Google Chrome
GoToMeeting 4.0.0.320
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Quality Center Starter Edition
ImagXpress
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ 6 Update 14
Knowledge Xpert
McAfee SecurityCenter
Memory Stick Icon
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Visio Professional 2003
Microsoft Office XP Professional with FrontPage
Microsoft Script Debugger
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nero 7 Ultra Edition
neroxml
Norton PartitionMagic
Norton PartitionMagic 8.0
Quest Installer
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RegGenie v2.0
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Setting Utility Series
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
Synaptics Pointing Device Driver
System Requirements Lab
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VAIO Control Center
VAIO Event Service
VAIO Power Management
VAIO Update 2
Viewpoint Media Player
VLC media player 0.9.8a
WebFldrs XP
Windows Driver Package - Marvell (yukonwxp) Net (04/04/2008 10.57.3.3)
Windows Driver Package - Ricoh Company (risdptsk) hdc (07/09/2008 6.03.02.20)
Windows Driver Package - Ricoh Company Memorystick Host Controller (06/25/2008 6.03.00.0054)
Windows Driver Package - Ricoh R5U870 (UVC) (09/08/2007 6.1006.209.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wireless LAN Starter
Wireless Switch Setting Utility
Workstream Business Analyst 6.2
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

7/6/2009 6:59:17 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/6/2009 6:59:17 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/6/2009 6:53:53 PM, error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
7/6/2009 6:53:53 PM, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
7/6/2009 6:53:53 PM, error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
7/6/2009 6:53:53 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
7/6/2009 6:52:49 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/6/2009 6:52:48 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/6/2009 6:52:48 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/6/2009 6:52:48 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
7/6/2009 6:51:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
7/6/2009 6:50:51 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/6/2009 6:50:51 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/6/2009 6:50:51 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
7/6/2009 6:50:51 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/6/2009 6:47:46 PM, error: Service Control Manager [7024] - The SQL Server (MSSQLSERVER) service terminated with service-specific error 5 (0x5).
7/6/2009 6:47:38 PM, error: Service Control Manager [7000] - The XAudioService service failed to start due to the following error: %1 is not a valid Win32 application.
7/6/2009 6:47:38 PM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The system cannot find the file specified.
7/6/2009 6:47:38 PM, error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
7/6/2009 1:08:24 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
7/5/2009 7:33:37 PM, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
7/5/2009 4:34:13 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file winlogon.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
7/5/2009 2:49:43 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file explorer.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
7/5/2009 10:49:26 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer YOUR-F42298D1A0 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{471DDB11-10D. The master browser is stopping or an election is being forced.
7/12/2009 3:53:49 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/12/2009 3:30:46 PM, error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 5 time(s).
7/12/2009 3:30:46 PM, error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 5 time(s).
7/12/2009 3:30:46 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
7/12/2009 3:29:26 PM, error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 4 time(s).
7/12/2009 3:29:26 PM, error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 4 time(s).
7/12/2009 2:31:02 PM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
7/12/2009 1:59:51 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/12/2009 1:58:37 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
7/12/2009 1:58:37 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Network Agent service, but this action failed with the following error: An instance of the service is already running.
7/12/2009 1:57:37 PM, error: Service Control Manager [7022] - The McAfee Real-time Scanner service hung on starting.
7/12/2009 1:49:04 AM, error: Service Control Manager [7034] - The McAfee SystemGuards service terminated unexpectedly. It has done this 3 time(s).
7/12/2009 1:47:18 AM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/11/2009 11:50:31 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer RGR-03F46E80D40 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{471DDB11-10D. The master browser is stopping or an election is being forced.
7/10/2009 11:51:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
7/10/2009 11:51:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
7/10/2009 11:45:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vmm
7/10/2009 11:45:53 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2009 11:45:53 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2009 11:45:53 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/10/2009 11:44:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/10/2009 11:44:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/10/2009 11:44:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

==== End Of File ===========================

GMERLOG
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-12 23:48:28
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x9CDA89AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0x9CDA8A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x9CDA8958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x9CDA896C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0x9CDA8A55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0x9CDA8A81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0x9CDA8AEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0x9CDA8AD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x9CDA89EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x9CDA8B1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0x9CDA8A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x9CDA8930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x9CDA8944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x9CDA89BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0x9CDA8B57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0x9CDA8AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0x9CDA8AAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0x9CDA8A6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x9CDA8B43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x9CDA8B2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x9CDA8996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x9CDA8982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0x9CDA8A97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x9CDA8A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0x9CDA8B05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x9CDA8A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x9CDA89D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP 9CDA89D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP 9CDA89AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP 9CDA89EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP 9CDA8A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP 9CDA89C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP 9CDA8934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP 9CDA8948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP 9CDA8986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP 9CDA8970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP 9CDA895C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP 9CDA899A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP 9CDA8A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219E8 7 Bytes JMP 9CDA8AB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D36 7 Bytes JMP 9CDA8A9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622060 7 Bytes JMP 9CDA8B09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228FE 7 Bytes JMP 9CDA8AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231D2 7 Bytes JMP 9CDA8A6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806237B0 5 Bytes JMP 9CDA8A45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C40 7 Bytes JMP 9CDA8A59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E10 3 Bytes JMP 9CDA8A85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey + 4 80623E14 3 Bytes [1C, 90, 90] {SBB AL, 0x90; NOP }
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 7 Bytes JMP 9CDA8AF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425A 7 Bytes JMP 9CDA8ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B82 5 Bytes JMP 9CDA8A31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EA8 7 Bytes JMP 9CDA8B5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 80625168 5 Bytes JMP 9CDA8B33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585C 5 Bytes JMP 9CDA8B47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625976 5 Bytes JMP 9CDA8B1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00910F5C
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00910F81
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00910F9E
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00910FAF
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0091004A
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00910F2E
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00910076
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009100A2
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00910F09
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00910EF8
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0091005B
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00910FDE
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00910F4B
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0091002F
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00910014
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00910091
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00900FCA
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00900F83
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0090001B
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0090000A
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00900F9E
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00900FAF
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B0, 88] {MOV AL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00900036
.text C:\WINDOWS\system32\svchost.exe[228] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A80042
.text C:\WINDOWS\system32\svchost.exe[228] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A80FB7
.text C:\WINDOWS\system32\svchost.exe[228] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A8000C
.text C:\WINDOWS\system32\svchost.exe[228] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A80FEF
.text C:\WINDOWS\system32\svchost.exe[228] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A80027
.text C:\WINDOWS\system32\svchost.exe[228] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A80FD2
.text C:\WINDOWS\system32\svchost.exe[228] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00930FD4
.text C:\WINDOWS\system32\svchost.exe[228] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[228] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[228] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00930FB7
.text C:\WINDOWS\system32\svchost.exe[228] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0092000A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[708] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[708] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011A0FE5
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011A0F41
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011A0F66
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011A0F77
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011A0040
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011A001B
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011A005B
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011A0F1F
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011A0091
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011A0080
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011A00AC
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 011A0F94
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011A0FD4
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011A0F30
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 011A0FAF
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 011A0000
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011A0EF8
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF0F94
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF001B
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF005B
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FF0036
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF0FB9
.text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0025
.text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0F9A
.text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0FC6
.text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0FAB
.text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0FE3
.text C:\WINDOWS\system32\services.exe[912] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F40F35
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F40F50
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F40F61
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40F72
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F40FA8
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F40073
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F40056
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F40F06
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F4009F
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F400B0
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F40F97
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F40045
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F40FB9
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F40FD4
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F40084
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F30FB6
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F30F80
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F30011
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F30000
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F30F91
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F30FE5
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F3003D
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F3002C
.text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F20042
.text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F20FB7
.text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F20FD9
.text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F20000
.text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F20FC8
.text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F20011
.text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80FB6
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B800A1
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80084
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80FC7
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B8004E
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B80F6F
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80F8A
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B80F43
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B80F5E
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B80F32
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B80073
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B80011
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B80F9B
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B8003D
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B80022
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B800DC
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B7002F
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B70F97
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B70FD4
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70000
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B70FB2
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B70FE5
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B70FC3
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D7, 88]
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B7004A
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B60F9C
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60027
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60FB7
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B60FE3
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B60016
.text C:\WINDOWS\system32\svchost.exe[1084] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B60FD2
.text C:\WINDOWS\system32\svchost.exe[1084] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CB0FA6
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CB0091
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB0080
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CB0065
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CB004A
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CB00EE
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CB00C7
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CB0113
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CB0F7A
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CB0F5F
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CB0FC3
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CB001B
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CB00B6
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CB0FDE
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CB0F8B
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CA002C
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CA0F9B
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CA001B
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CA0058
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CA0047
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CA0FC0
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C90F9C
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C90FB7
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C90FE3
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C90FC8
.text C:\WINDOWS\system32\svchost.exe[1132] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C9001D
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 023D0FEF
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 023D0076
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 023D0065
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 023D004A
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 023D0F8D
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 023D0FAF
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 023D00A2
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 023D0F5C
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 023D00C7
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 023D0F2E
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 023D00D8
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 023D0F9E
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 023D0000
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 023D0087
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 023D0FCA
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 023D001B
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 023D0F3F
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0036
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B0FA5
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B0FE5
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B001B
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B0062
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B000A
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009B0051
.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B0FCA
.text C:\WINDOWS\System32\svchost.exe[1172] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0FC3
.text C:\WINDOWS\System32\svchost.exe[1172] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A004E
.text C:\WINDOWS\System32\svchost.exe[1172] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0029
.text C:\WINDOWS\System32\svchost.exe[1172] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\System32\svchost.exe[1172] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0FDE
.text C:\WINDOWS\System32\svchost.exe[1172] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0018
.text C:\WINDOWS\System32\svchost.exe[1172] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00980000
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00990FD4
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00990FE5
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00990016
.text C:\WINDOWS\System32\svchost.exe[1172] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00990FB9
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00800FEF
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0080005B
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00800F66
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0080004A
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00800F8D
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0080002F
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00800F2E
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00800076
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00800EF1
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00800F02
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0080009B
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00800F9E
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00800FDE
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00800F4B
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00800FB9
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0080000A
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00800F13
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007F0FC3
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007F0F57
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007F0FD4
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007F0FE5
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007F0F68
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007F0000
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007F0F8D
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9F, 88]
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007F0F9E
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007E004E
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!system 77C293C7 5 Bytes JMP 007E0FC3
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007E0FDE
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007E0000
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007E0033
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007E0FEF
.text C:\WINDOWS\system32\svchost.exe[1272] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007D0FEF
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A00F69
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A0005E
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A00F84
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A00FA1
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A00FC3
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A000A7
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A0008A
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A000D3
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A00F3A
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A000EE
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00FB2
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A0006F
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A0002F
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A00FDE
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A000B8
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F001E
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F005E
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0FC3
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009F0F97
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009F0FEF
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009F002F
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009F0FA8
.text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0FA6
.text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0FB7
.text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0016
.text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0027
.text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0FDE
.text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0073
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0062
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0F88
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0051
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE002F
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE0F3C
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE008E
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F21
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00BA
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE00CB
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0040
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0F63
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0FC3
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0FD4
.text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE009F
.text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD0FB9
.text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD0047
.text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0F8A
.text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD000A
.text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BD0036
.text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD001B
.text C:\WINDOWS\system32\svchost.exe[1768] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0FC0
.text C:\WINDOWS\system32\svchost.exe[1768] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC004B
.text C:\WINDOWS\system32\svchost.exe[1768] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC0029
.text C:\WINDOWS\system32\svchost.exe[1768] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\svchost.exe[1768] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC003A
.text C:\WINDOWS\system32\svchost.exe[1768] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01430000
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01430097
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01430FAC
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0143007A
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01430FBD
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0143004E
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01430F6A
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 014300B2
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014300DE
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014300CD
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01430F34
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0143005F
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01430011
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01430F87
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0143003D
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01430022
.text C:\WINDOWS\Explorer.EXE[1876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01430F4F
.text C:\WINDOWS\Explorer.EXE[1876] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01420FD4
.text C:\WINDOWS\Explorer.EXE[1876] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01420058
.text C:\WINDOWS\Explorer.EXE[1876] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01420FE5
.text C:\WINDOWS\Explorer.EXE[1876] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0142001B
.text C:\WINDOWS\Explorer.EXE[1876] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01420047
.text C:\WINDOWS\Explorer.EXE[1876] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01420000
.text C:\WINDOWS\Explorer.EXE[1876] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01420FA5
.text C:\WINDOWS\Explorer.EXE[1876] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [62, 89]
.text C:\WINDOWS\Explorer.EXE[1876] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01420036
.text C:\WINDOWS\Explorer.EXE[1876] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0141007A
.text C:\WINDOWS\Explorer.EXE[1876] msvcrt.dll!system 77C293C7 5 Bytes JMP 01410FEF
.text C:\WINDOWS\Explorer.EXE[1876] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01410044
.text C:\WINDOWS\Explorer.EXE[1876] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0141000C
.text C:\WINDOWS\Explorer.EXE[1876] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01410055
.text C:\WINDOWS\Explorer.EXE[1876] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0141001D
.text C:\WINDOWS\Explorer.EXE[1876] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00FF000A
.text C:\WINDOWS\Explorer.EXE[1876] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\Explorer.EXE[1876] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00FF0027
.text C:\WINDOWS\Explorer.EXE[1876] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00FF0038
.text C:\WINDOWS\Explorer.EXE[1876] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01480000
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F99
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0084
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0073
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0062
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0047
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00E1
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00C6
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F74
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A010D
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0128
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FB6
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0011
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A00A9
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[3440] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00F2
.text C:\WINDOWS\System32\svchost.exe[3440] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FC3
.text C:\WINDOWS\System32\svchost.exe[3440] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F72
.text C:\WINDOWS\System32\svchost.exe[3440] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029001E
.text C:\WINDOWS\System32\svchost.exe[3440] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FDE
.text C:\WINDOWS\System32\svchost.exe[3440] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F8D
.text C:\WINDOWS\System32\svchost.exe[3440] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\System32\svchost.exe[3440] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0029002F
.text C:\WINDOWS\System32\svchost.exe[3440] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290FA8
.text C:\WINDOWS\System32\svchost.exe[3440] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0F75
.text C:\WINDOWS\System32\svchost.exe[3440] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0F90
.text C:\WINDOWS\System32\svchost.exe[3440] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FC6
.text C:\WINDOWS\System32\svchost.exe[3440] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0000
.text C:\WINDOWS\System32\svchost.exe[3440] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FA1
.text C:\WINDOWS\System32\svchost.exe[3440] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0FD7
.text C:\WINDOWS\System32\svchost.exe[3440] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

COMBOLOG

ComboFix 09-07-12.03 - Sandy 07/12/2009 23:52.26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2939.2298 [GMT -4:00]
Running from: c:\documents and settings\Sandy\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-12 23:39 . 2009-07-12 23:39 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-12 23:38 . 2009-07-12 23:39 -------- d-----w- c:\windows\ShellNew
2009-07-12 20:11 . 2009-07-12 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-12 20:11 . 2009-07-12 20:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-12 17:27 . 2009-07-01 21:13 161816 ----a-w- c:\windows\RegGenieOnUninstall.exe
2009-07-12 17:27 . 2009-07-12 23:06 -------- d-----w- c:\program files\RegGenie
2009-07-08 06:47 . 2009-07-08 06:47 -------- d-----w- c:\documents and settings\Sandy\Local Settings\Application Data\WMTools Downloaded Files
2009-07-08 06:08 . 2009-07-08 06:08 -------- d-----w- c:\documents and settings\Sandy\Application Data\Apple Computer
2009-07-08 05:51 . 2009-07-08 05:52 -------- d-----w- c:\program files\QuickTime
2009-07-08 05:51 . 2009-07-08 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-08 05:51 . 2009-07-08 05:51 -------- d-----w- c:\documents and settings\Sandy\Local Settings\Application Data\Apple
2009-07-08 05:51 . 2009-07-08 05:51 -------- d-----w- c:\program files\Apple Software Update
2009-07-08 05:51 . 2009-07-08 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-08 05:51 . 2009-07-08 05:51 -------- d-----w- c:\documents and settings\Sandy\Local Settings\Application Data\Apple Computer
2009-07-03 15:10 . 2009-07-03 15:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-03 15:01 . 2009-07-03 15:01 -------- d-s---w- c:\documents and settings\Guest\UserData
2009-07-03 05:24 . 2009-07-03 05:24 -------- d-----w- c:\program files\Alwil Software
2009-07-02 19:47 . 2006-03-03 12:07 143360 ----a-w- c:\windows\system32\dunzip32.dll
2009-07-02 19:43 . 2007-11-22 10:44 33832 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-02 19:43 . 2007-12-02 16:51 40488 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-02 19:43 . 2007-11-22 10:44 79304 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-02 19:43 . 2007-11-22 10:44 35240 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-02 19:43 . 2007-11-22 10:44 201320 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-02 19:43 . 2007-07-13 10:20 113952 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-02 19:43 . 2009-07-02 19:43 -------- d-----w- c:\program files\McAfee.com
2009-07-02 19:43 . 2009-07-02 19:43 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-02 10:05 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-02 10:05 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-02 10:05 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-07-02 10:05 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-07-02 06:42 . 2009-07-02 06:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-02 04:26 . 2009-07-10 21:33 164880 ---ha-w- c:\documents and settings\Sandy\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2009-07-02 04:25 . 2009-07-10 21:22 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-06-30 22:12 . 2009-06-30 22:12 -------- d-----w- c:\documents and settings\Sandy\Local Settings\Application Data\AOL
2009-06-30 22:12 . 2009-06-30 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-30 22:12 . 2009-06-30 22:12 -------- d-----w- c:\program files\Viewpoint
2009-06-30 22:12 . 2009-06-30 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-06-30 22:12 . 2009-06-30 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-30 22:11 . 2009-07-02 22:55 -------- d-----w- c:\program files\Common Files\AOL
2009-06-18 06:20 . 2009-06-18 06:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-18 06:20 . 2009-06-18 06:20 -------- d-----w- c:\program files\Java
2009-06-18 06:20 . 2009-06-18 06:20 152576 ----a-w- c:\documents and settings\Sandy\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-16 05:30 . 2009-06-16 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\99782496
2009-06-15 01:42 . 2009-06-17 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-15 01:42 . 2009-06-17 18:03 -------- d-----w- c:\program files\Common Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 02:33 . 2009-04-12 16:15 -------- d-----w- c:\documents and settings\Sandy\Application Data\BitTorrent
2009-07-12 23:34 . 2009-04-05 10:07 -------- d-----w- c:\program files\Microsoft.NET
2009-07-12 21:19 . 2009-04-12 21:19 83968 --sha-w- c:\windows\system32\gagavosu.dll
2009-07-12 20:02 . 2009-04-09 15:36 -------- d-----w- c:\program files\Business Objects
2009-07-12 18:08 . 2009-04-05 09:43 44104 ----a-w- c:\documents and settings\Sandy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-05 22:25 . 2009-04-05 11:55 -------- d-----w- c:\documents and settings\Sandy\Application Data\vlc
2009-07-02 19:47 . 2009-04-05 16:58 -------- d-----w- c:\program files\McAfee
2009-07-02 19:47 . 2009-04-05 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-02 09:50 . 2009-04-30 19:09 -------- d-----w- c:\program files\Common Files\Quest Shared
2009-07-02 09:49 . 2009-04-30 19:07 -------- d-----w- c:\program files\Quest Software
2009-07-02 09:47 . 2009-04-14 11:28 218 ----a-w- c:\windows\system32\runPublishUtil.bat
2009-07-02 04:45 . 2009-04-14 10:08 -------- d-----w- c:\program files\NotesSQL
2009-07-02 04:45 . 2009-04-05 12:27 -------- d-----w- c:\program files\Nero
2009-07-02 04:45 . 2009-04-05 09:27 -------- d-----w- c:\program files\Atheros
2009-07-02 04:45 . 2009-04-05 09:00 -------- d-----w- c:\program files\microsoft frontpage
2009-06-20 06:50 . 2009-04-06 09:24 -------- d-----w- c:\documents and settings\Sandy\Application Data\AdobeUM
2009-06-15 02:03 . 2009-05-30 03:40 -------- d-----w- c:\documents and settings\Sandy\Application Data\Nero
2009-06-12 22:13 . 2009-06-12 22:13 -------- d-----w- c:\documents and settings\Sandy\Application Data\HP
2009-06-12 22:12 . 2009-06-12 22:12 -------- d-----w- c:\program files\Common Files\Bcgsoft
2009-06-10 23:52 . 2009-06-10 23:52 -------- d-----w- c:\program files\Microsoft Script Debugger
2009-06-10 23:51 . 2004-08-04 00:56 1025 ----a-w- c:\windows\system32\q5ealqp.dll
2009-06-10 23:51 . 2004-08-04 00:56 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-06-10 23:51 . 2004-08-04 00:56 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-06-10 23:51 . 2004-08-04 00:56 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-06-10 23:51 . 2004-08-04 00:56 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-06-10 23:50 . 2009-06-10 23:50 -------- d-----w- c:\program files\Common Files\Mercury Interactive
2009-06-10 23:50 . 2009-06-10 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-06-10 23:45 . 2009-06-10 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-06-10 23:45 . 2009-06-10 22:43 -------- d-----w- c:\program files\HP
2009-06-10 22:58 . 2009-06-10 22:51 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-10 22:58 . 2009-06-10 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 22:53 . 2009-06-10 22:53 -------- d-----w- c:\program files\MSXML 6.0
2009-06-04 19:10 . 2009-04-06 06:11 -------- d-----w- c:\program files\Yahoo!
2009-06-04 01:39 . 2009-06-04 01:39 -------- d-----w- c:\documents and settings\Sandy\Application Data\Yahoo!
2009-06-03 16:53 . 2009-05-17 04:58 32 --s-a-w- c:\windows\system32\2355762887.dat
2009-05-27 22:28 . 2009-05-27 22:28 -------- d-----w- c:\program files\Citrix
2009-05-27 22:28 . 2009-05-27 22:28 60744 ----a-w- c:\documents and settings\Sandy\g2mdlhlpx.exe
2009-05-14 22:12 . 2009-05-14 22:06 -------- d-----w- c:\documents and settings\Sandy\Application Data\Blackberry Desktop
2009-05-14 22:07 . 2009-05-14 22:07 -------- d-----w- c:\documents and settings\Sandy\Application Data\Research In Motion
2009-05-14 22:06 . 2009-05-14 22:06 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-05-14 22:05 . 2009-05-14 22:05 -------- d-----w- c:\program files\Research In Motion
2009-05-07 15:32 . 2004-08-04 00:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 19:03 . 2009-05-04 19:03 59904 ----a-w- c:\windows\system32\zlib1.dll
2009-05-04 18:53 . 2009-05-04 18:53 286720 ----a-w- c:\windows\system32\libcurl.dll
2009-05-04 18:53 . 2009-05-04 18:53 196608 ----a-w- c:\windows\system32\ssleay32.dll
2009-05-04 18:53 . 2009-05-04 18:53 143360 ----a-w- c:\windows\system32\libexpatw.dll
2009-04-30 19:17 . 2009-04-30 19:17 46 ----a-w- c:\windows\system32\regset11.dat
2009-04-29 04:46 . 2004-08-04 00:56 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-17 12:26 . 2004-08-03 23:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 00:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[7] 2004-08-04 00:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2004-08-04 00:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 94208]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Google Update"="c:\documents and settings\Sandy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-08 133104]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"RegGenie v2.0"="c:\program files\RegGenie\RegGenieOnReboot.exe" [2009-07-01 480280]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-22 1032192]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Distillr\Acrotray.exe" [2006-01-12 483328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-05 180269]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-20 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-20 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-20 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-20 135680]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 148888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"jazowohoyu"="c:\windows\system32\zatewada.dll" [BU]
"CPM078fb79e"="c:\windows\system32\gagavosu.dll" [2009-07-12 83968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-4-5 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\gagavosu.dll" [2009-07-12 83968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gagavosu.dll [2009-07-12 83968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-12-28 11:24 73728 ------w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\system32\gagavosu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Intel\\Intel Matrix Storage Manager\\IAAnotif.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxext.exe"=

R2 HP Quality Center;HP Quality Center;c:\program files\HP\HP Quality Center Starter Edition\QCStarter\jboss\bin\QCJavaService.exe [1/5/2009 11:48 PM 65536]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/30/2009 6:12 PM 24652]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [4/5/2009 10:01 AM 9344]
S2 0170681246563817mcinstcleanup;McAfee Application Installer Cleanup (0170681246563817);c:\docume~1\Sandy\LOCALS~1\Temp\017068~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Sandy\LOCALS~1\Temp\017068~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 {0FD20725-6409-45A8-A508346993949143};{0FD20725-6409-45A8-A508346993949143};c:\windows\System32\svchost.exe -k netsvcs [8/3/2004 8:56 PM 14336]
S3 {DCBD78C6-C486-4275-B1F373C89DB0CBCC};{DCBD78C6-C486-4275-B1F373C89DB0CBCC};\??\c:\windows\TEMP\D.tmp --> c:\windows\TEMP\D.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/6/2009 5:16 AM 13224]
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-764733703-682003330-1003Core.job
- c:\documents and settings\Sandy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-08 05:42]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-764733703-682003330-1003UA.job
- c:\documents and settings\Sandy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-08 05:42]

2009-07-02 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-02 17:32]

2009-07-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-02 17:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{cb102763-7a8e-41f1-81b2-e47f3145b19d} - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: gmail.com\www
TCP: {AF7AE598-E5F3-48B7-833D-F98904FCDB17} = 202.88.174.6,202.88.174.8
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 23:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0FD20725-6409-45A8-A508346993949143}]
"ServiceDll"="c:\docume~1\Sandy\LOCALS~1\Temp\B.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DCBD78C6-C486-4275-B1F373C89DB0CBCC}]
"ImagePath"="\??\c:\windows\TEMP\D.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(3292)
c:\windows\system32\gagavosu.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\Sandy\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-07-13 23:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 03:59
ComboFix2.txt 2009-07-12 19:40
ComboFix3.txt 2009-07-12 18:00
ComboFix4.txt 2009-07-12 05:55
ComboFix5.txt 2009-07-13 03:51

Pre-Run: 19,853,611,008 bytes free
Post-Run: 19,839,705,088 bytes free

273 --- E O F --- 2009-06-12 07:00



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:26 PM

Posted 24 July 2009 - 04:31 PM

Hello san_scorpio9

Welcome to BleepingComputer.
=====================
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right-click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 san_scorpio9

san_scorpio9
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:26 PM

Posted 24 July 2009 - 11:08 PM

Hello Kahdah,

Thank you for your reply. I have done whatever you asked me to. I have attached the scan results here. Please go through them and help me out.

Thanks and regards,
Sandy.

============
OTL
OTL logfile created on: 7/24/2009 9:39:57 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Sandy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 97.64% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 14.71 Gb Free Space | 36.76% Space Free | Partition Type: NTFS
Drive D: | 89.99 Gb Total Space | 38.08 Gb Free Space | 42.32% Space Free | Partition Type: NTFS
Drive E: | 90.00 Gb Total Space | 2.41 Gb Free Space | 2.68% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDY-4CD233BBA
Current User Name: Sandy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\McShield.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Adobe\Distillr\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\System32\igfxext.exe (Intel Corporation)
PRC - C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\BitTorrent\bittorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Documents and Settings\Sandy\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (0170681246563817mcinstcleanup [Auto | Stopped]) -- File not found
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McAfeeFramework [Unknown | Stopped]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\McShield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [On_Demand | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (msftesql [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
SRV - (MSSQLSERVER [Auto | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Stopped]) -- File not found
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Spooler [Auto | Stopped]) -- File not found
SRV - (SQLBrowser [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (VAIO Event Service [Auto | Running]) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (AR5416 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\athw.sys (Atheros Communications, Inc.)
DRV - (DMICall [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (ggflt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (paldrv [Auto | Running]) -- C:\WINDOWS\System32\pal_drv.sys (Mercury Interactive Corp.)
DRV - (PQNTDrv [System | Running]) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rimsptsk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (risdptsk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\risdptsk.sys (REDC)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SFEP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SFEP.sys (Sony Corporation)
DRV - (SNC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SonyNC.sys (Sony Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (UIUSys [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS (Conexant Systems, Inc)
DRV - (vmm [System | Running]) -- C:\WINDOWS\System32\Drivers\vmm.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/18 02:20:58 | 00,000,000 | ---D | M]


O1 HOSTS File: (146 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.206.201.8 esysprotector.microsoft.com
O1 - Hosts: 91.206.201.8 esysprotector.com
O1 - Hosts: 91.206.201.8 www.esysprotector.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (BHOManager Class) - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\System32\BHOManager.dll (Mercury Interactive (Israel) Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {cb102763-7a8e-41f1-81b2-e47f3145b19d} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: gmail.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1238929790593 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\HTLFP {03B7A5D4-96B0-4316-95F8-072D326A58F1} - C:\Program Files\HP\QuickTest Professional\bin\ielpview.dll (Mercury Interactive (Israel) Ltd.)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vfsp {E4CB5121-E242-11D4-8ED6-00010219EB22} - C:\Program Files\HP\QuickTest Professional\bin\VFSProtocol.dll (Mercury Interactive (Israel) Ltd.)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\WINDOWS\System32\ShellHook.dll (Mercury Interactive (Israel) Ltd.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/05 04:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/07/24 21:35:54 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\hyxp2h6f.exe
[2009/07/24 21:18:57 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandy\Desktop\OTL.exe
[2009/07/24 16:15:58 | 00,006,213 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\InfoPass...htm
[2009/07/24 16:15:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Desktop\InfoPass.._files
[2009/07/23 23:28:31 | 00,014,366 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\[Dt]Premadesam(1996) 1.36gb DVD Rip Xvid.torrent
[2009/07/23 23:02:22 | 00,014,245 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\7gbrudanvanacolony.dvdrip.teamsipcyrippers.mp4.torrent
[2009/07/23 19:55:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Desktop\DDLJ
[2009/07/23 19:53:14 | 00,010,708 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\DDLJ.torrent
[2009/07/23 03:48:47 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/07/23 03:48:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2009/07/23 03:44:27 | 00,001,092 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTest Professional.lnk
[2009/07/23 03:20:15 | 14,786,31511 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\T6510-15063 (1).zip
[2009/07/23 01:06:07 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/22 15:32:15 | 30,817,97632 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/22 15:16:12 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/22 15:16:10 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/22 15:16:09 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/22 15:16:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/22 15:11:50 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/22 15:11:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/22 15:11:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/22 15:11:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/22 15:11:50 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/22 15:11:50 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/22 15:11:50 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/22 15:11:50 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/22 15:11:40 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17610.exe
[2009/07/22 15:11:40 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/07/22 15:02:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/07/22 14:27:20 | 00,000,000 | ---D | C] -- C:\Program Files\hesjer
[2009/07/20 19:03:59 | 00,058,368 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Sandeep_Rayapalli Validations.doc
[2009/07/19 22:09:33 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2009/07/19 22:08:17 | 10,216,240 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\VeohVideoCompassSetup_eng.exe
[2009/07/18 20:23:51 | 00,200,704 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Reuters_TestHarness_STR.xls
[2009/07/18 20:23:21 | 00,018,944 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Cycle_Report.xls
[2009/07/18 20:22:45 | 00,217,686 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Part2.zip
[2009/07/18 20:22:27 | 00,443,250 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Part1.zip
[2009/07/16 22:51:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Temp
[2009/07/15 14:25:42 | 01,987,320 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Sys Report
[2009/07/15 13:50:34 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009/07/15 13:29:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/07/15 01:22:03 | 24,539,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/14 17:49:32 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/13 17:00:06 | 00,075,264 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\AUPM - OSM Self Help Portal Initial Trial1.2 (3).doc
[2009/07/13 16:59:01 | 00,129,024 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\OSM_testcases1 (1).doc
[2009/07/13 16:52:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Desktop\New Folder
[2009/07/13 16:51:51 | 00,156,672 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Copy_Deck_OSM_Self_Help_Portal1.5 (2).ppt
[2009/07/12 23:59:14 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/12 23:23:27 | 03,121,979 | R--- | C] () -- C:\Documents and Settings\Sandy\Desktop\ComboFix.exe
[2009/07/12 19:39:43 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/07/12 19:39:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/07/12 19:38:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2009/07/12 17:19:50 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\tuviyaji
[2009/07/12 16:11:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/12 16:11:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/07/12 13:48:11 | 00,000,620 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2009/07/12 13:27:19 | 00,161,816 | ---- | C] () -- C:\WINDOWS\RegGenieOnUninstall.exe
[2009/07/12 13:27:15 | 00,000,000 | ---D | C] -- C:\Program Files\RegGenie
[2009/07/12 01:54:05 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/12 01:54:05 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/12 01:54:05 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/12 01:54:05 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/12 01:54:05 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/12 01:54:05 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/12 01:54:05 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/12 01:54:05 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/12 01:54:05 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/12 01:54:05 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/11 16:35:16 | 01,123,840 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\shobha%20facial%20pain[1].ppt
[2009/07/11 10:06:04 | 00,065,024 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Low Back Pain.ppt
[2009/07/10 16:59:54 | 00,002,290 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Google Chrome.lnk
[2009/07/08 02:47:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Local Settings\Application Data\WMTools Downloaded Files
[2009/07/08 02:08:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Application Data\Apple Computer
[2009/07/08 01:51:59 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/07/08 01:51:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/07/08 01:51:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Apple
[2009/07/08 01:51:42 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/07/08 01:51:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/07/08 01:51:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Apple Computer
[2009/07/06 18:59:19 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/06 18:59:19 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/06 18:59:19 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/06 18:59:19 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/06 18:59:19 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/06 18:33:36 | 00,086,528 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Sandy QA Resume.doc
[2009/07/06 18:33:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Desktop\DESKTOP
[2009/07/03 11:10:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2009/07/03 01:24:45 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/02 18:37:15 | 00,000,211 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/02 15:47:43 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/02 15:47:17 | 00,143,360 | ---- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\dunzip32.dll
[2009/07/02 15:43:46 | 00,033,832 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/07/02 15:43:44 | 00,201,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/07/02 15:43:44 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/07/02 15:43:44 | 00,040,488 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/07/02 15:43:44 | 00,035,240 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/07/02 15:43:41 | 00,113,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/07/02 15:43:30 | 00,000,340 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/07/02 15:43:29 | 00,000,332 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/07/02 15:43:21 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/07/02 15:43:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/07/02 15:25:27 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/02 15:25:27 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/02 15:25:27 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/02 15:25:27 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/02 15:25:27 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/02 15:25:27 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/02 15:25:27 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/02 15:25:27 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/02 15:25:27 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/02 15:25:27 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/02 15:25:27 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/02 15:25:27 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/02 15:25:27 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/02 15:25:27 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/02 15:25:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/02 15:25:27 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/02 15:25:27 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/02 15:25:27 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/02 15:25:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/02 06:05:22 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/07/02 06:05:22 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/07/02 06:05:20 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2009/07/02 06:05:20 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grpconv.exe
[2009/07/02 02:42:37 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/07/02 00:25:43 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Virtual PC
[2009/06/30 18:12:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Local Settings\Application Data\AOL
[2009/06/30 18:12:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/06/30 18:12:18 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2009/06/30 18:12:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/06/30 18:12:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/06/30 18:11:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2009/06/30 18:11:26 | 00,000,459 | -H-- | C] () -- C:\IPH.PH
[2009/06/14 22:00:14 | 00,000,029 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/06/12 18:12:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\flight4a.INI
[2009/06/10 19:50:11 | 00,001,005 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2009/05/14 19:00:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2009/05/14 18:35:11 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2009/05/04 15:03:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/05/04 14:53:28 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2009/05/04 14:53:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2009/04/14 07:28:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\designer.INI
[2009/04/12 12:00:29 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2009/04/06 08:08:23 | 00,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/05 12:58:56 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/04/05 06:08:12 | 00,000,718 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/05 02:18:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2004/08/03 20:56:44 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\q5ealqp.dll
[2004/08/03 20:56:44 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/03 20:56:44 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/03 20:56:44 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/03 20:56:44 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/03 20:56:44 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\gg9cgr5.dll
[2004/08/03 20:56:44 | 00,000,101 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/03 20:56:44 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\zujmcc7.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\y6fu7tx.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\w5vrz2q.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\uqpd6xl.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\tvz8qoc.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\ticx4i3.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\t3sa0we.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\qaerr51.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\pd3o9ux.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\npnumj5.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\l889h3y.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\kmixqv7.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\j8je0n2.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\d73hj5x.dll
[2001/08/23 10:00:00 | 00,000,653 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 10:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/07/29 23:54:34 | 00,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/07/24 21:35:54 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\hyxp2h6f.exe
[2009/07/24 21:18:57 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandy\Desktop\OTL.exe
[2009/07/24 21:10:42 | 00,013,753 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/24 16:15:57 | 00,006,213 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\InfoPass...htm
[2009/07/23 23:28:31 | 00,014,366 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\[Dt]Premadesam(1996) 1.36gb DVD Rip Xvid.torrent
[2009/07/23 23:02:23 | 00,014,245 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\7gbrudanvanacolony.dvdrip.teamsipcyrippers.mp4.torrent
[2009/07/23 19:53:14 | 00,010,708 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\DDLJ.torrent
[2009/07/23 15:23:50 | 00,000,355 | ---- | M] () -- C:\WINDOWS\System32\gg9cgr5.tgz
[2009/07/23 15:23:50 | 00,000,115 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.tgz
[2009/07/23 15:23:49 | 00,000,101 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.dll
[2009/07/23 15:23:49 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2009/07/23 12:03:16 | 00,002,239 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/07/23 12:02:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/23 12:00:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/23 12:00:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/23 12:00:03 | 30,817,97632 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/23 04:36:43 | 04,316,660 | -H-- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\IconCache.db
[2009/07/23 03:47:47 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2009/07/23 03:47:29 | 00,000,718 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/07/23 03:47:10 | 00,001,005 | ---- | M] () -- C:\WINDOWS\mercury.ini
[2009/07/23 03:44:27 | 00,001,092 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTest Professional.lnk
[2009/07/23 03:33:09 | 14,786,31511 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\T6510-15063 (1).zip
[2009/07/22 15:16:12 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/22 15:12:25 | 00,000,146 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/22 15:12:12 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/22 15:11:31 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF17610.exe
[2009/07/22 14:19:57 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/21 01:36:39 | 00,083,968 | ---- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/20 19:41:18 | 00,058,368 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Sandeep_Rayapalli Validations.doc
[2009/07/19 22:08:17 | 10,216,240 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\VeohVideoCompassSetup_eng.exe
[2009/07/18 20:23:51 | 00,200,704 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Reuters_TestHarness_STR.xls
[2009/07/18 20:23:21 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Cycle_Report.xls
[2009/07/18 20:22:45 | 00,217,686 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Part2.zip
[2009/07/18 20:22:27 | 00,443,250 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Part1.zip
[2009/07/17 00:06:24 | 00,042,944 | ---- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/16 22:51:29 | 00,002,290 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Google Chrome.lnk
[2009/07/16 10:47:52 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 14:25:42 | 01,987,320 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Sys Report
[2009/07/15 01:17:39 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/07/14 17:43:51 | 03,121,979 | R--- | M] () -- C:\Documents and Settings\Sandy\Desktop\ComboFix.exe
[2009/07/13 20:02:40 | 00,007,116 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services
[2009/07/13 17:00:06 | 00,075,264 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\AUPM - OSM Self Help Portal Initial Trial1.2 (3).doc
[2009/07/13 16:59:01 | 00,129,024 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\OSM_testcases1 (1).doc
[2009/07/13 16:51:52 | 00,156,672 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Copy_Deck_OSM_Self_Help_Portal1.5 (2).ppt
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/12 23:56:24 | 00,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/12 19:40:58 | 00,000,653 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/12 19:39:43 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/07/12 19:07:00 | 00,000,620 | ---- | M] () -- C:\WINDOWS\RegGenie.ini
[2009/07/12 17:20:38 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\tuviyaji
[2009/07/12 17:19:33 | 00,000,211 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/07/12 16:19:11 | 00,316,342 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090712-184512.backup
[2009/07/12 15:34:38 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090712-161911.backup
[2009/07/12 00:51:51 | 00,065,024 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Low Back Pain.ppt
[2009/07/11 16:35:16 | 01,123,840 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\shobha%20facial%20pain[1].ppt
[2009/07/10 17:24:03 | 00,579,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/10 17:24:03 | 00,483,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/10 17:24:03 | 00,088,742 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/07 08:10:58 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/04 11:48:14 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/02 15:43:30 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/07/02 05:47:49 | 00,000,218 | ---- | M] () -- C:\WINDOWS\System32\runPublishUtil.bat
[2009/07/01 17:13:16 | 00,161,816 | ---- | M] () -- C:\WINDOWS\RegGenieOnUninstall.exe
[2009/06/30 18:12:31 | 00,000,459 | -H-- | M] () -- C:\IPH.PH

========== LOP Check ==========

[2009/07/12 16:11:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/03 11:10:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2009/06/16 01:55:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\99782496
[2009/04/05 05:27:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2009/06/10 19:45:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/04/05 09:54:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/04/30 15:11:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2009/04/30 15:07:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2009/06/30 18:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/08 02:08:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Sandy\Application Data
[2009/04/25 18:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Ahead
[2009/07/24 21:41:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\BitTorrent
[2009/05/14 18:12:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Blackberry Desktop
[2009/04/14 06:22:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Business Objects
[2009/04/30 15:35:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Quest Software
[2009/05/14 18:07:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Research In Motion
[2009/04/30 15:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Software
[2009/04/14 07:33:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sandy\Application Data\Xcelsius
[2001/08/23 10:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/15 01:17:39 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/07/02 15:43:30 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/07/23 12:00:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >
========================
OTL Extras
OTL Extras logfile created on: 7/24/2009 9:39:57 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Sandy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 97.64% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 14.71 Gb Free Space | 36.76% Space Free | Partition Type: NTFS
Drive D: | 89.99 Gb Total Space | 38.08 Gb Free Space | 42.32% Space Free | Partition Type: NTFS
Drive E: | 90.00 Gb Total Space | 2.41 Gb Free Space | 2.68% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDY-4CD233BBA
Current User Name: Sandy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\WgaTray.exe" = C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ENABLE -- (Microsoft Corporation)
"C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe" = C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe:*:Enabled:ENABLE -- (Intel Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Sony\VAIO Event Service\VESMgr.exe" = C:\Program Files\Sony\VAIO Event Service\VESMgr.exe:*:Enabled:VESMgr -- (Sony Corporation)
"C:\Program Files\McAfee\VirusScan\mcvsmap.exe" = C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap -- (McAfee, Inc.)
"C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" = C:\Program Files\Sony\VAIO Power Management\SPMgr.exe:*:Enabled:SPMgr -- (Sony Corporation)
"C:\WINDOWS\system32\hkcmd.exe" = C:\WINDOWS\system32\hkcmd.exe:*:Enabled:hkcmd -- (Intel Corporation)
"C:\WINDOWS\system32\igfxext.exe" = C:\WINDOWS\system32\igfxext.exe:*:Enabled:igfxext -- (Intel Corporation)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player Beta -- (Veoh Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{20608BFA-6068-48FE-A410-400F2A124C27}" = Microsoft SQL Server Management Studio Express
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.1.184_Foxconn Installation Program
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}" = BlackBerry Desktop Software 4.2
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4CC41272-6AA9-4946-ABA6-61C05A40DE80}" = QuickTest Professional
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBD1F6FB-1E8E-4B41-9948-C99954FBAB4C}" = TIPCI
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C02E178A-52FA-3266-E945-BE38D3171033}" = Nero 7 Ultra Edition
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"293E716FC1B992118AC28836E0E8C4E9ECFBC743" = Windows Driver Package - Ricoh R5U870 (UVC) (09/08/2007 6.1006.209.0)
"443F597AC826649DFC082E0DF0957D89570AA81A" = Windows Driver Package - Ricoh Company (risdptsk) hdc (07/09/2008 6.03.02.20)
"48E8FCEA437E11B3576F8FC8568009C5D3D70598" = Windows Driver Package - Marvell (yukonwxp) Net (04/04/2008 10.57.3.3)
"A873017CDB0AC4F7A215803889AC2C84512FF29A" = Windows Driver Package - Ricoh Company Memorystick Host Controller (06/25/2008 6.03.00.0054)
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.0.8 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}" = BlackBerry Desktop Software 4.2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE4Dev" = Microsoft Script Debugger
"ie7" = Windows Internet Explorer 7
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{BBD1F6FB-1E8E-4B41-9948-C99954FBAB4C}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Memory Stick Icon1.0" = Memory Stick Icon
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Veoh Web Player Beta" = Veoh Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/22/2009 3:32:58 PM | Computer Name = SANDY-4CD233BBA | Source = MSSQLSERVER | ID = 17826
Description = Could not start the network library because of an internal error in
the network library. To determine the cause, review the errors immediately preceding
this one in the error log.

Error - 7/22/2009 3:32:58 PM | Computer Name = SANDY-4CD233BBA | Source = MSSQLSERVER | ID = 17120
Description = SQL Server could not spawn FRunCM thread. Check the SQL Server error
log and the Windows event logs for information about possible related problems.

Error - 7/23/2009 3:02:49 AM | Computer Name = SANDY-4CD233BBA | Source = MSSQLSERVER | ID = 17182
Description = TDSSNIClient initialization failed with error 0x5, status code 0x51.

Error - 7/23/2009 3:02:49 AM | Computer Name = SANDY-4CD233BBA | Source = MSSQLSERVER | ID = 17182
Description = TDSSNIClient initialization failed with error 0x5, status code 0x1.

Error - 7/23/2009 3:02:49 AM | Computer Name = SANDY-4CD233BBA | Source = MSSQLSERVER | ID = 17826
Description = Could not start the network library because of an internal error in
the network library. To determine the cause, review the errors immediately preceding
this one in the error log.

Error - 7/23/2009 3:02:49 AM | Computer Name = SANDY-4CD233BBA | Source = MSSQLSERVER | ID = 17120
Description = SQL Server could not spawn FRunCM thread. Check the SQL Server error
log and the Windows event logs for information about possible related problems.

Error - 7/23/2009 12:00:44 PM | Computer Name = SANDY-4CD233BBA | Source = MSSQLSERVER | ID = 17182
Description = TDSSNIClient initialization failed with error 0x5, status code 0x51.

Error - 7/23/2009 12:00:44 PM | Computer Name = SANDY-4CD233BBA | Source = MSSQLSERVER | ID = 17182
Description = TDSSNIClient initialization failed with error 0x5, status code 0x1.

Error - 7/23/2009 12:00:44 PM | Computer Name = SANDY-4CD233BBA | Source = MSSQLSERVER | ID = 17826
Description = Could not start the network library because of an internal error in
the network library. To determine the cause, review the errors immediately preceding
this one in the error log.

Error - 7/23/2009 12:00:44 PM | Computer Name = SANDY-4CD233BBA | Source = MSSQLSERVER | ID = 17120
Description = SQL Server could not spawn FRunCM thread. Check the SQL Server error
log and the Windows event logs for information about possible related problems.

[ System Events ]
Error - 7/12/2009 1:49:04 AM | Computer Name = SANDY-4CD233BBA | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 3 time(s). The following corrective action will be taken in
5000 milliseconds: Run the configured recovery program.

Error - 7/12/2009 1:49:04 AM | Computer Name = SANDY-4CD233BBA | Source = Service Control Manager | ID = 7034
Description = The McAfee Services service terminated unexpectedly. It has done
this 3 time(s).

Error - 7/12/2009 1:49:04 AM | Computer Name = SANDY-4CD233BBA | Source = Service Control Manager | ID = 7034
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 3 time(s).

Error - 7/12/2009 1:49:04 AM | Computer Name = SANDY-4CD233BBA | Source = Service Control Manager | ID = 7034
Description = The McAfee SystemGuards service terminated unexpectedly. It has done
this 3 time(s).

Error - 7/12/2009 1:49:04 AM | Computer Name = SANDY-4CD233BBA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/12/2009 1:50:57 AM | Computer Name = SANDY-4CD233BBA | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 7/12/2009 1:50:57 AM | Computer Name = SANDY-4CD233BBA | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
following error: %%2

Error - 7/12/2009 1:50:57 AM | Computer Name = SANDY-4CD233BBA | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193

Error - 7/12/2009 1:51:06 AM | Computer Name = SANDY-4CD233BBA | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSQLSERVER) service terminated with service-specific
error 5 (0x5).

Error - 7/12/2009 1:51:12 AM | Computer Name = SANDY-4CD233BBA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.


< End of report >
==============
GMER scan report

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-24 23:51:51
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x9CA209AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0x9CA20A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x9CA20958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x9CA2096C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0x9CA20A55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0x9CA20A81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0x9CA20AEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0x9CA20AD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x9CA209EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x9CA20B1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0x9CA20A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x9CA20930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x9CA20944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x9CA209BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0x9CA20B57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0x9CA20AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0x9CA20AAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0x9CA20A6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x9CA20B43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x9CA20B2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x9CA20996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x9CA20982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0x9CA20A97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x9CA20A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0x9CA20B05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x9CA20A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x9CA209D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP 9CA209D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP 9CA209AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP 9CA209EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP 9CA20A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP 9CA209C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP 9CA20934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP 9CA20948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP 9CA20986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP 9CA20970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP 9CA2095C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP 9CA2099A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP 9CA20A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219E8 7 Bytes JMP 9CA20AB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D36 7 Bytes JMP 9CA20A9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622060 7 Bytes JMP 9CA20B09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228FE 7 Bytes JMP 9CA20AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231D2 7 Bytes JMP 9CA20A6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806237B0 5 Bytes JMP 9CA20A45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C40 7 Bytes JMP 9CA20A59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E10 7 Bytes JMP 9CA20A85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 7 Bytes JMP 9CA20AF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425A 7 Bytes JMP 9CA20ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80624B82 5 Bytes JMP 9CA20A31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EA8 7 Bytes JMP 9CA20B5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 80625168 5 Bytes JMP 9CA20B33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585C 5 Bytes JMP 9CA20B47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625976 5 Bytes JMP 9CA20B1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F5C
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0F77
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0F94
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0FA5
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0047
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE007D
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0F41
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE00BA
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00A9
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE0EFC
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0FB6
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE006C
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE002C
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0011
.text C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE008E
.text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD0FCA
.text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD006C
.text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD001B
.text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0FAF
.text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BD005B
.text C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD0040
.text C:\WINDOWS\system32\svchost.exe[708] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0FAB
.text C:\WINDOWS\system32\svchost.exe[708] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC002C
.text C:\WINDOWS\system32\svchost.exe[708] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC0FC6
.text C:\WINDOWS\system32\svchost.exe[708] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC0FE3
.text C:\WINDOWS\system32\svchost.exe[708] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC001B
.text C:\WINDOWS\system32\svchost.exe[708] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070078
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F8D
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F9E
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FC0
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700B5
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000700A4
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700D0
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F37
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F1C
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070051
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070093
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F48
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060036
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060F8D
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060FDB
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060F9E
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060FAF
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 88]
.text C:\WINDOWS\system32\services.exe[912] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050F92
.text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FAD
.text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0005001D
.text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FE3
.text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FC8
.text C:\WINDOWS\system32\services.exe[912] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[912] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DF000A
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DF0F88
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DF007D
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DF006C
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DF0051
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DF0FCA
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DF00AB
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DF008E
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DF00F2
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DF00D7
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DF0103
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DF0FAF
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DF0FE5
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DF0F63
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DF0036
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DF0025
.text C:\WINDOWS\system32\lsass.exe[924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DF00BC
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DE001B
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DE0069
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DE0FCA
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DE0000
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DE0058
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DE0FE5
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DE003D
.text C:\WINDOWS\system32\lsass.exe[924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DE002C
.text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DD0F94
.text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DD0029
.text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DD0FDE
.text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DD0000
.text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DD0FC3
.text C:\WINDOWS\system32\lsass.exe[924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\lsass.exe[924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B10084
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B10073
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B10058
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B1003D
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B10FB6
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B100B2
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B10F6A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B10F4F
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B100E8
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B10F34
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B10FA5
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B10FDB
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B10095
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B10022
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B10011
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B100C3
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B00025
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B00F8D
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B00FDE
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B00040
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B0000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B00F9E
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D0, 88]
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B00FAF
.text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AF0FD9
.text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AF005A
.text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AF002E
.text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AF0049
.text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AF001D
.text C:\WINDOWS\system32\svchost.exe[1088] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0071
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA0060
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA0F86
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA0F97
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0FBC
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA0F3F
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0F50
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA0F13
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA00AC
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA00D1
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA0039
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA0FDE
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA0F61
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0FCD
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA0014
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA0F2E
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C90014
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C9005B
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C90FC3
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C90FD4
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C90F9E
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C90FE5
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C90036
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C90025
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80FA8
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80FB9
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C80FE5
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C80FD4
.text C:\WINDOWS\system32\svchost.exe[1136] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C8001D
.text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C70FE5
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 032B0FEF
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 032B0F52
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 032B0F6D
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 032B0F7E
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 032B003D
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 032B0022
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 032B0F24
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 032B0F41
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 032B00A5
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 032B0F02
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 032B00B6
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 032B0F9B
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 032B0000
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 032B0062
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 032B0FC0
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 032B0011
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 032B0F13
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03290025
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0329006C
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0329000A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03290FD4
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0329005B
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03290FEF
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03290FAF
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 8B]
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03290036
.text C:\WINDOWS\System32\svchost.exe[1176] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03280FB2
.text C:\WINDOWS\System32\svchost.exe[1176] msvcrt.dll!system 77C293C7 5 Bytes JMP 0328003D
.text C:\WINDOWS\System32\svchost.exe[1176] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03280FCD
.text C:\WINDOWS\System32\svchost.exe[1176] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03280000
.text C:\WINDOWS\System32\svchost.exe[1176] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0328002C
.text C:\WINDOWS\System32\svchost.exe[1176] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03280011
.text C:\WINDOWS\System32\svchost.exe[1176] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03270FEF
.text C:\WINDOWS\System32\svchost.exe[1176] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 032A0000
.text C:\WINDOWS\System32\svchost.exe[1176] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 032A001B
.text C:\WINDOWS\System32\svchost.exe[1176] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 032A0036
.text C:\WINDOWS\System32\svchost.exe[1176] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 032A0051
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00660F68
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00660053
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00660F79
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00660F94
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00660FAF
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00660084
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00660F3C
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00660F21
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006600BA
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006600DF
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00660036
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00660FDB
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00660F57
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00660FC0
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00660011
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0066009F
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00650036
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00650FAF
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00650FC0
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00650062
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00650047
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00640F7F
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!system 77C293C7 5 Bytes JMP 00640F90
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00640FBC
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00640FAB
.text C:\WINDOWS\system32\svchost.exe[1288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00640FD7
.text C:\WINDOWS\system32\svchost.exe[1288] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B90069
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B9004E
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B9003D
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90F8A
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90FA5
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B90084
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90F32
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B900C1
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B900B0
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B900DC
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B9002C
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90011
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90F59
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90FC0
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90FD1
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B90095
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B80FC0
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B80062
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B80FDB
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B8001B
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B80051
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B80FA5
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D8, 88]
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B8002C
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70053
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B70038
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B7000C
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70027
.text C:\WINDOWS\system32\svchost.exe[1316] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B70FDE
.text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD0062
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0047
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD0F6D
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD0036
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0011
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD0F35
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD007D
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD00B3
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD00A2
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD0EF5
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD0F94
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD0F52
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD0FAF
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD0FC0
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD0F24
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0092002C
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0092007D
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0092001B
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00920FE5
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0092006C
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00920051
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00920FCA
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00910FAD
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!system 77C293C7 5 Bytes JMP 00910038
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00910FC8
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0091000C
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00910027
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[1796] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1796] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[1796] WININET.dll!InternetOpenUrlA 78070BD2 3 Bytes JMP 00930025
.text C:\WINDOWS\system32\svchost.exe[1796] WININET.dll!InternetOpenUrlA + 4 78070BD6 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[1796] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 00930040
.text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00900FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2044] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A00A9
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0098
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A007D
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A005B
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00D7
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F8F
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0114
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00F9
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0125
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A006C
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A00BA
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0025
.text C:\WINDOWS\System32\svchost.exe[2168] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00E8
.text C:\WINDOWS\System32\svchost.exe[2168] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290F9E
.text C:\WINDOWS\System32\svchost.exe[2168] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F46
.text C:\WINDOWS\System32\svchost.exe[2168] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FB9
.text C:\WINDOWS\System32\svchost.exe[2168] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FCA
.text C:\WINDOWS\System32\svchost.exe[2168] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F57
.text C:\WINDOWS\System32\svchost.exe[2168] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\System32\svchost.exe[2168] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290F72
.text C:\WINDOWS\System32\svchost.exe[2168] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\System32\svchost.exe[2168] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290F83
.text C:\WINDOWS\System32\svchost.exe[2168] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E003B
.text C:\WINDOWS\System32\svchost.exe[2168] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E002A
.text C:\WINDOWS\System32\svchost.exe[2168] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FC1
.text C:\WINDOWS\System32\svchost.exe[2168] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\System32\svchost.exe[2168] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FB0
.text C:\WINDOWS\System32\svchost.exe[2168] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0FD2
.text C:\WINDOWS\System32\svchost.exe[2168] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0FEF
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2888] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F6F
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0064
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0049
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F8A
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FA5
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F41
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0089
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F0E
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F1F
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A00B8
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A002C
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F5E
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F30
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0029000A
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F79
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FB9
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FCA
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290036
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00290025
.text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290F9E
.text C:\WINDOWS\Explorer.EXE[4040] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FA6
.text C:\WINDOWS\Explorer.EXE[4040] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0031
.text C:\WINDOWS\Explorer.EXE[4040] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FD2
.text C:\WINDOWS\Explorer.EXE[4040] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
.text C:\WINDOWS\Explorer.EXE[4040] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FC1
.text C:\WINDOWS\Explorer.EXE[4040] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\Explorer.EXE[4040] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 002C000A
.text C:\WINDOWS\Explorer.EXE[4040] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 002C001B
.text C:\WINDOWS\Explorer.EXE[4040] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 002C0036
.text C:\WINDOWS\Explorer.EXE[4040] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\Explorer.EXE[4040] WS2_32.dll!socket 71AB4211 5 Bytes JMP 018C0FE5

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----
=======================

Thank you.
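Every user-mode hook in the GMER section above is a 5-byte inline JMP from an export in kernel32, ADVAPI32, msvcrt, WININET or WS2_32 to a low address (001Axxxx, 0029xxxx, 002Axxxx, 002Cxxxx, 018Cxxxx) that cannot be inside the patched DLL. That pattern is produced by anything that installs inline user-mode hooks, HIPS and antivirus products as much as malware, so the log alone does not say who owns the trampolines; that takes matching the target regions against the modules loaded in the process, which GMER's hook listing does not include. The following parser is an added example, not code from the original thread or from GMER: it reads hook lines of this format, groups them per process, and flags any JMP whose target is further from the hooked export than a system DLL could span. The sample input is five lines copied from the log above plus one constructed near-jump line (ntdll.dll!Example) so both branches of the check run.

```python
import re
from collections import defaultdict

# Matches GMER "user-mode hooks" lines of the form seen in the log above, e.g.
#   .text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F0E
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]+)\s*$"
)

# No single Win32 system DLL spans 16 MiB, so a JMP whose target is further
# than that from the patched export cannot land inside the hooked DLL; it
# goes to a trampoline in memory that some other code allocated.
FAR_JUMP = 0x0100_0000


def parse_hook_line(line):
    """Parse one GMER inline-hook line; return None for any other line."""
    m = HOOK_RE.match(line.strip())
    if m is None:
        return None
    addr = int(m["addr"], 16)
    target = int(m["target"], 16)
    return {
        "process": f'{m["image"]}[{m["pid"]}]',
        "module": m["module"].lower(),
        "func": m["func"],
        "addr": addr,
        "target": target,
        "far": abs(target - addr) > FAR_JUMP,
    }


def summarize_hooks(lines):
    """Per process: hook count, far-jump count, hooked modules, and the
    64 KiB regions the JMP targets fall in (one region per trampoline block)."""
    summary = defaultdict(lambda: {"hooks": 0, "far": 0, "modules": set(), "regions": set()})
    for line in lines:
        h = parse_hook_line(line)
        if h is None:
            continue
        s = summary[h["process"]]
        s["hooks"] += 1
        s["far"] += int(h["far"])
        s["modules"].add(h["module"])
        s["regions"].add(h["target"] & ~0xFFFF)
    return dict(summary)


# Sample input: five lines copied from the GMER log above plus one constructed
# near-jump line (ntdll.dll!Example, not from the log) and one non-hook line.
SAMPLE_LINES = [
    r".text C:\WINDOWS\Explorer.EXE[4040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F0E",
    r".text C:\WINDOWS\Explorer.EXE[4040] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0029000A",
    r".text C:\WINDOWS\Explorer.EXE[4040] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FA6",
    r".text C:\WINDOWS\Explorer.EXE[4040] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 002C000A",
    r".text C:\WINDOWS\Explorer.EXE[4040] WS2_32.dll!socket 71AB4211 5 Bytes JMP 018C0FE5",
    r".text C:\WINDOWS\Explorer.EXE[4040] ntdll.dll!Example 7C910000 5 Bytes JMP 7C910020",  # constructed
    "---- Devices - GMER 1.0.15 ----",  # not a hook line; skipped by the parser
]

if __name__ == "__main__":
    for proc, s in summarize_hooks(SAMPLE_LINES).items():
        regions = ", ".join(f"{r:08X}" for r in sorted(s["regions"]))
        print(f"{proc}: {s['hooks']} hooks ({s['far']} far) in "
              f"{', '.join(sorted(s['modules']))}; trampoline regions: {regions}")
```

Run against the full log, the script reduces the 29 Explorer.EXE lines to five trampoline regions and the API families they cover (process creation, registry, file open, WinINet, sockets). The next step on a live machine is to map those regions back to an owner, for example by dumping the process's memory map and checking which module, if any, the region belongs to; a region with no backing module is allocated memory and needs to be attributed to a known product before it is dismissed.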

#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 25 July 2009 - 03:16 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    [2009/04/05 12:58:56 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    
    :files
    C:\Program Files\Viewpoint
    
    :Services
    Viewpoint Manager Service
    {0FD20725-6409-45A8-A508346993949143}
    {DCBD78C6-C486-4275-B1F373C89DB0CBCC}
    
    
    :Commands
    [resethosts]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
==========================
Please first delete your version of Combofix then do the following:
=====
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.


Link 1
Link 2

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
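The [resethosts] command in the OTL script above replaces the hosts file wholesale, which is the right move on a box reporting host redirection, but it also throws away the evidence of what was redirected where. The audit below is an added example, not part of the original post or of OTL: it parses hosts-file text and reports two things worth reading before the reset, names that are pinned to a non-loopback address (redirection) and update or security-vendor names pinned anywhere (update blocking). Plain 127.0.0.1 entries for other names are left alone, because Spybot - Search & Destroy, which is installed on this machine, writes thousands of such block entries when it immunizes the hosts file. The watch list and the sample hosts file are constructed for this example.

```python
import ipaddress

# Update and security-vendor domains that should not appear in the hosts file
# of a clean machine. Malware pins them to 127.0.0.1 (to block updates and
# signature downloads) or to an address it controls (to redirect).
# This watch list is an assumption made for the example, not from the post.
WATCHED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com", "mcafee.com",
    "malwarebytes.org", "eset.com", "safer-networking.org",
    "bleepingcomputer.com",
)


def is_watched(name):
    """True if name is a watched domain or a host under one."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # malformed line, ignore
        for name in parts[1:]:
            yield n, ip, name.lower()


def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for every suspicious mapping."""
    findings = []
    for n, ip, name in parse_hosts(text):
        if name in ("localhost", "localhost.localdomain"):
            continue
        if is_watched(name):
            findings.append((n, name, str(ip), "update/security domain pinned"))
        # 127.x and 0.0.0.0 entries only block a name; anything else redirects it.
        if not (ip.is_loopback or ip.is_unspecified):
            findings.append((n, name, str(ip), "redirected to non-loopback address"))
    return findings


# Constructed sample hosts file for this example (not from the original post).
SAMPLE_HOSTS = """\
# Constructed sample hosts file for this example (not from the original post).
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.adnetwork.example      # Spybot-style block entry, expected
127.0.0.1       update.microsoft.com       # blocks Windows Update
127.0.0.1       www.mcafee.com             # blocks the AV vendor
203.0.113.5     www.bank.example           # silently redirects a site
203.0.113.9     search.example
"""

if __name__ == "__main__":
    # On a real XP machine read C:\WINDOWS\system32\drivers\etc\hosts instead.
    for line_no, name, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}: {reason}")
```

Keep a copy of the original hosts file alongside the audit output before running a reset; if the redirected names come back after the reset, the writer is still active and the hosts file was a symptom rather than the cause.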

#5 san_scorpio9

  • Topic Starter
  • Members
  • 7 posts

Posted 25 July 2009 - 06:08 PM

Hello Again,

=========
OTL LOG
All processes killed
========== OTL ==========
No active process named TeaTimer.exe was found!
No active process named ViewpointService.exe was found!
File C:\WINDOWS\System32\epoPGPsdk.dll.sig not found.
========== FILES ==========
File\Folder C:\Program Files\Viewpoint not found.
========== SERVICES/DRIVERS ==========
Service\Driver Viewpoint Manager Service not found.
Service\Driver Viewpoint Manager Service not found.
Service\Driver {0FD20725-6409-45A8-A508346993949143} not found.
Service\Driver {0FD20725-6409-45A8-A508346993949143} not found.
Service\Driver {DCBD78C6-C486-4275-B1F373C89DB0CBCC} not found.
Service\Driver {DCBD78C6-C486-4275-B1F373C89DB0CBCC} not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Sandy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6910891 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.65 mb


OTL by OldTimer - Version 3.0.10.3 log created on 07252009_182644

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
========================


Combo Log

ComboFix 09-07-24.01 - Sandy 07/25/2009 19:00.31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2939.2498 [GMT -4:00]
Running from: c:\documents and settings\Sandy\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\run.log
c:\windows\system32\prsgrc.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-25 22:19 . 2009-07-25 22:19 -------- d-----w- C:\_OTL
2009-07-23 07:48 . 2009-07-23 07:48 -------- d-----w- c:\program files\MSSOAP
2009-07-23 07:48 . 2009-07-23 07:48 -------- d-----w- c:\program files\Microsoft WSE
2009-07-22 19:16 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 19:16 . 2009-07-22 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 19:16 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 18:27 . 2009-07-22 19:22 -------- d-----w- c:\program files\hesjer
2009-07-20 02:09 . 2009-07-20 02:09 -------- d-----w- c:\program files\Veoh Networks
2009-07-17 02:51 . 2009-07-17 02:51 -------- d-----w- c:\documents and settings\Sandy\Local Settings\Application Data\Temp
2009-07-15 17:50 . 2009-07-15 17:50 -------- d-----w- c:\program files\Lavalys
2009-07-12 23:39 . 2009-07-12 23:39 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-07-12 23:38 . 2009-07-12 23:39 -------- d-----w- c:\windows\ShellNew
2009-07-12 20:11 . 2009-07-12 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-12 20:11 . 2009-07-12 20:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-12 17:27 . 2009-07-01 21:13 161816 ----a-w- c:\windows\RegGenieOnUninstall.exe
2009-07-12 17:27 . 2009-07-14 01:02 -------- d-----w- c:\program files\RegGenie
2009-07-08 06:47 . 2009-07-08 06:47 -------- d-----w- c:\documents and settings\Sandy\Local Settings\Application Data\WMTools Downloaded Files
2009-07-08 06:08 . 2009-07-08 06:08 -------- d-----w- c:\documents and settings\Sandy\Application Data\Apple Computer
2009-07-08 05:51 . 2009-07-08 05:52 -------- d-----w- c:\program files\QuickTime
2009-07-08 05:51 . 2009-07-08 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-08 05:51 . 2009-07-08 05:51 -------- d-----w- c:\documents and settings\Sandy\Local Settings\Application Data\Apple
2009-07-08 05:51 . 2009-07-08 05:51 -------- d-----w- c:\program files\Apple Software Update
2009-07-08 05:51 . 2009-07-08 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-08 05:51 . 2009-07-08 05:51 -------- d-----w- c:\documents and settings\Sandy\Local Settings\Application Data\Apple Computer
2009-07-03 15:10 . 2009-07-03 15:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-03 15:01 . 2009-07-03 15:01 -------- d-s---w- c:\documents and settings\Guest\UserData
2009-07-03 05:24 . 2009-07-03 05:24 -------- d-----w- c:\program files\Alwil Software
2009-07-02 19:47 . 2006-03-03 12:07 143360 ----a-w- c:\windows\system32\dunzip32.dll
2009-07-02 19:43 . 2007-11-22 10:44 33832 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-02 19:43 . 2007-12-02 16:51 40488 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-02 19:43 . 2007-11-22 10:44 79304 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-02 19:43 . 2007-11-22 10:44 35240 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-02 19:43 . 2007-11-22 10:44 201320 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-02 19:43 . 2007-07-13 10:20 113952 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-02 19:43 . 2009-07-02 19:43 -------- d-----w- c:\program files\McAfee.com
2009-07-02 19:43 . 2009-07-02 19:43 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-02 10:05 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-02 10:05 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-02 10:05 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-07-02 10:05 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-07-02 06:42 . 2009-07-02 06:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-02 04:26 . 2009-07-10 21:33 164880 ---ha-w- c:\documents and settings\Sandy\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2009-07-02 04:25 . 2009-07-14 01:01 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-06-30 22:12 . 2009-06-30 22:12 -------- d-----w- c:\documents and settings\Sandy\Local Settings\Application Data\AOL
2009-06-30 22:12 . 2009-06-30 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-30 22:12 . 2009-06-30 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-06-30 22:12 . 2009-06-30 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-30 22:11 . 2009-07-02 22:55 -------- d-----w- c:\program files\Common Files\AOL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 01:44 . 2009-04-12 16:15 -------- d-----w- c:\documents and settings\Sandy\Application Data\BitTorrent
2009-07-23 21:33 . 2009-04-30 19:07 -------- d-----w- c:\program files\Quest Software
2009-07-17 04:06 . 2009-04-05 09:43 42944 ----a-w- c:\documents and settings\Sandy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 00:59 . 2009-04-09 15:36 -------- d-----w- c:\program files\Business Objects
2009-07-12 23:34 . 2009-04-05 10:07 -------- d-----w- c:\program files\Microsoft.NET
2009-07-05 22:25 . 2009-04-05 11:55 -------- d-----w- c:\documents and settings\Sandy\Application Data\vlc
2009-07-02 19:47 . 2009-04-05 16:58 -------- d-----w- c:\program files\McAfee
2009-07-02 19:47 . 2009-04-05 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-02 09:50 . 2009-04-30 19:09 -------- d-----w- c:\program files\Common Files\Quest Shared
2009-07-02 09:47 . 2009-04-14 11:28 218 ----a-w- c:\windows\system32\runPublishUtil.bat
2009-07-02 04:45 . 2009-04-14 10:08 -------- d-----w- c:\program files\NotesSQL
2009-07-02 04:45 . 2009-04-05 12:27 -------- d-----w- c:\program files\Nero
2009-07-02 04:45 . 2009-04-05 09:27 -------- d-----w- c:\program files\Atheros
2009-07-02 04:45 . 2009-04-05 09:00 -------- d-----w- c:\program files\microsoft frontpage
2009-06-20 06:50 . 2009-04-06 09:24 -------- d-----w- c:\documents and settings\Sandy\Application Data\AdobeUM
2009-06-18 06:20 . 2009-06-18 06:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-18 06:20 . 2009-06-18 06:20 -------- d-----w- c:\program files\Java
2009-06-18 06:20 . 2009-06-18 06:20 152576 ----a-w- c:\documents and settings\Sandy\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-17 18:03 . 2009-06-15 01:42 -------- d-----w- c:\program files\Common Files\Nero
2009-06-17 18:02 . 2009-06-15 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-16 14:36 . 2004-08-04 00:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 14:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 05:55 . 2009-06-16 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\99782496
2009-06-15 02:03 . 2009-05-30 03:40 -------- d-----w- c:\documents and settings\Sandy\Application Data\Nero
2009-06-12 22:13 . 2009-06-12 22:13 -------- d-----w- c:\documents and settings\Sandy\Application Data\HP
2009-06-12 22:12 . 2009-06-12 22:12 -------- d-----w- c:\program files\Common Files\Bcgsoft
2009-06-10 23:52 . 2009-06-10 23:52 -------- d-----w- c:\program files\Microsoft Script Debugger
2009-06-10 23:51 . 2004-08-04 00:56 1025 ----a-w- c:\windows\system32\q5ealqp.dll
2009-06-10 23:51 . 2004-08-04 00:56 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-06-10 23:51 . 2004-08-04 00:56 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-06-10 23:51 . 2004-08-04 00:56 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-06-10 23:51 . 2004-08-04 00:56 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-06-10 23:50 . 2009-06-10 23:50 -------- d-----w- c:\program files\Common Files\Mercury Interactive
2009-06-10 23:50 . 2009-06-10 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-06-10 23:45 . 2009-06-10 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-06-10 23:45 . 2009-06-10 22:43 -------- d-----w- c:\program files\HP
2009-06-10 22:58 . 2009-06-10 22:51 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-10 22:58 . 2009-06-10 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 22:53 . 2009-06-10 22:53 -------- d-----w- c:\program files\MSXML 6.0
2009-06-09 00:14 . 2009-06-09 00:16 83460 ----a-w- c:\windows\Fonts\SW908.TTF
2009-06-04 19:10 . 2009-04-06 06:11 -------- d-----w- c:\program files\Yahoo!
2009-06-04 01:39 . 2009-06-04 01:39 -------- d-----w- c:\documents and settings\Sandy\Application Data\Yahoo!
2009-06-03 19:09 . 2004-08-04 00:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 16:53 . 2009-05-17 04:58 32 --s-a-w- c:\windows\system32\2355762887.dat
2009-05-27 22:28 . 2009-05-27 22:28 -------- d-----w- c:\program files\Citrix
2009-05-27 22:28 . 2009-05-27 22:28 60744 ----a-w- c:\documents and settings\Sandy\g2mdlhlpx.exe
2009-05-07 15:32 . 2004-08-04 00:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 19:03 . 2009-05-04 19:03 59904 ----a-w- c:\windows\system32\zlib1.dll
2009-05-04 18:53 . 2009-05-04 18:53 286720 ----a-w- c:\windows\system32\libcurl.dll
2009-05-04 18:53 . 2009-05-04 18:53 196608 ----a-w- c:\windows\system32\ssleay32.dll
2009-05-04 18:53 . 2009-05-04 18:53 143360 ----a-w- c:\windows\system32\libexpatw.dll
2009-04-30 19:17 . 2009-04-30 19:17 46 ----a-w- c:\windows\system32\regset11.dat
2009-04-29 04:56 . 2004-08-04 00:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 00:56 78336 ----a-w- c:\windows\system32\ieencode.dll
.

------- Sigcheck -------

[7] 2004-08-04 00:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2004-08-04 00:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\spoolsv.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-07-22_19.01.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-25 22:27 . 2009-07-25 22:27 16384 c:\windows\temp\Perflib_Perfdata_11c.dat
+ 2009-01-01 13:59 . 2009-01-01 13:59 26624 c:\windows\system32\WIAgentLogFileU.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 49152 c:\windows\system32\MFC80KOR.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 49152 c:\windows\system32\MFC80JPN.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 45056 c:\windows\system32\MFC80CHT.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 40960 c:\windows\system32\MFC80CHS.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 69632 c:\windows\system32\gswdll32.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 69632 c:\windows\system32\dzstactx.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 32768 c:\windows\system32\dzprog32.exe
+ 2009-01-01 16:47 . 2009-01-01 16:47 49152 c:\windows\system32\dz_ez32.dll
- 2009-07-15 01:27 . 2009-07-22 16:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-15 01:27 . 2009-07-25 22:13 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-05 09:06 . 2009-07-25 22:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-04-05 09:06 . 2009-07-22 16:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-04-05 09:06 . 2009-07-22 16:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-05 09:06 . 2009-07-25 22:13 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-01 16:47 . 2009-01-01 16:47 96256 c:\windows\system32\ATL80.dll
+ 2009-07-23 07:48 . 2009-07-23 07:48 10134 c:\windows\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
+ 2009-07-23 07:47 . 2009-07-23 07:47 69632 c:\windows\assembly\GAC_MSIL\Mercury.QTP.WpfAgent\9.5.208.0__7d38df5e43b1c39a\Mercury.QTP.WpfAgent.dll
+ 2009-07-23 07:47 . 2009-07-23 07:47 40960 c:\windows\assembly\GAC\MngUtils\8.0.130.0__7d38df5e43b1c39a\MngUtils.dll
+ 2009-07-23 07:47 . 2009-07-23 07:47 28672 c:\windows\assembly\GAC\Mercury.QTP.CustomServer\6.5.133.0__7d38df5e43b1c39a\Mercury.QTP.CustomServer.dll
+ 2009-07-23 07:47 . 2009-07-23 07:47 3072 c:\windows\assembly\GAC_MSIL\policy.9.5.Mercury.QTP.WpfAgent\9.5.208.0__7d38df5e43b1c39a\policy.9.5.Mercury.QTP.WpfAgent.dll
+ 2009-07-23 07:47 . 2009-07-23 07:47 3584 c:\windows\assembly\GAC\policy.8.0.MngUtils\8.0.130.0__7d38df5e43b1c39a\policy.8.0.MngUtils.dll
+ 2009-07-23 07:47 . 2009-07-23 07:47 3584 c:\windows\assembly\GAC\policy.8.0.Mercury.QTP.Agent\8.0.137.0__7d38df5e43b1c39a\policy.8.0.Mercury.QTP.Agent.dll
+ 2009-07-23 07:47 . 2009-07-23 07:47 3584 c:\windows\assembly\GAC\policy.6.5.Mercury.QTP.CustomServer\8.0.133.0__7d38df5e43b1c39a\policy.6.5.Mercury.QTP.CustomServer.dll
+ 2001-09-07 15:41 . 2001-09-07 15:41 290816 c:\windows\system32\WINHTTP5.DLL
+ 2009-01-01 16:47 . 2009-01-01 16:47 148480 c:\windows\system32\tlbinf32.dll
+ 2009-01-01 13:59 . 2009-01-01 13:59 147456 c:\windows\system32\ShellHook.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 626688 c:\windows\system32\msvcr80.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 548864 c:\windows\system32\msvcp80.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 479232 c:\windows\system32\msvcm80.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 146976 c:\windows\system32\mfcoleui.dll
+ 2009-01-01 13:56 . 2009-01-01 13:56 126976 c:\windows\system32\jvmhook.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 446464 c:\windows\system32\HHActiveX.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 279040 c:\windows\system32\gswag32.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 290816 c:\windows\system32\gsw32.exe
+ 2009-01-01 16:47 . 2009-01-01 16:47 159744 c:\windows\system32\ExPrint.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 131072 c:\windows\system32\dzip32.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 253952 c:\windows\system32\dzactx.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 229376 c:\windows\system32\duzactx.dll
+ 2009-01-01 13:59 . 2009-01-01 13:59 144768 c:\windows\system32\BHOManager.dll
+ 2009-07-23 07:48 . 2009-07-23 07:48 884736 c:\windows\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll
+ 2009-07-23 07:47 . 2009-07-23 07:47 196608 c:\windows\assembly\GAC\Mercury.QTP.Agent\8.0.137.0__7d38df5e43b1c39a\Mercury.QTP.Agent.dll
+ 2009-07-23 07:48 . 2009-07-23 07:48 1230336 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2009-01-01 16:47 . 2009-01-01 16:47 1277952 c:\windows\system32\ExGrid.dll
+ 2009-07-23 07:48 . 2009-07-23 07:48 1470464 c:\windows\Installer\222ef8.msi
+ 2009-07-23 07:48 . 2009-07-23 07:48 1013248 c:\windows\Installer\222ef1.msi
+ 2009-07-23 07:46 . 2009-07-23 07:46 9838592 c:\windows\Installer\222eed.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-10 94208]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Google Update"="c:\documents and settings\Sandy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-08 133104]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-22 1032192]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Distillr\Acrotray.exe" [2006-01-12 483328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-05 180269]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-20 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-20 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-20 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-20 135680]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 148888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-4-5 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2009-01-01 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-12-28 11:24 73728 ------w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Intel\\Intel Matrix Storage Manager\\IAAnotif.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxext.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [6/10/2009 7:50 PM 11107]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [4/5/2009 10:01 AM 9344]
S2 0170681246563817mcinstcleanup;McAfee Application Installer Cleanup (0170681246563817);c:\docume~1\Sandy\LOCALS~1\Temp\017068~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Sandy\LOCALS~1\Temp\017068~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/6/2009 5:16 AM 13224]
.
Contents of the 'Scheduled Tasks' folder

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-02 17:32]

2009-07-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-02 17:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{cb102763-7a8e-41f1-81b2-e47f3145b19d} - (no file)


.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: gmail.com\www
TCP: {AF7AE598-E5F3-48B7-833D-F98904FCDB17} = 202.88.174.6,202.88.174.8
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 19:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2009-07-25 19:05
ComboFix-quarantined-files.txt 2009-07-25 23:05
ComboFix2.txt 2009-07-22 19:09
ComboFix3.txt 2009-07-22 19:02
ComboFix4.txt 2009-07-14 21:50
ComboFix5.txt 2009-07-22 19:11

Pre-Run: 21,370,204,160 bytes free
Post-Run: 21,325,668,352 bytes free

300 --- E O F --- 2009-07-17 15:02
===================================

#6 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 26 July 2009 - 08:16 AM

================================Malwarebytes' Anti-Malware=================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
============================Eset online scanner==========================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window: OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#7 san_scorpio9

Posted 26 July 2009 - 12:00 PM

Hello kahdah,
After running ComboFix yesterday, Windows is restarting automatically. At first a blue screen appears just for a second or two saying some error that even I couldn't get a glimpse of, and then it restarts automatically. It's Windows XP.

Thanks and regards,
Sandy.

#8 san_scorpio9

Posted 26 July 2009 - 01:28 PM

Hey Kahdah,

Somehow my system started working normally again after a couple of restarts. Anyway, I did all the scans as you asked me to do. I have attached the results below.

MBAM LOG
================
Malwarebytes' Anti-Malware 1.39
Database version: 2506
Windows 5.1.2600 Service Pack 3

7/26/2009 1:34:44 PM
mbam-log-2009-07-26 (13-34-44).txt

Scan type: Quick Scan
Objects scanned: 106938
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
=====================

Eset Online scanner Log
================
C:\Documents and Settings\Sandy\Local Settings\temp\nps239.tmp PDF/Exploit.Gen trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\syssvc.exe.vir Win32/Agent.PTT trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\gdi32lib.dll.vir Win32/Adware.XPDeluxeProtector application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\wiawow32.sys.vir a variant of Win32/TrojanClicker.VB.NIL trojan cleaned by deleting - quarantined
===============================
OTL Log
==============
OTL logfile created on: 7/26/2009 2:20:57 PM - Run 2
OTL by OldTimer - Version 3.0.10.3 Folder = E:\wareznAppz
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 20.56 Gb Free Space | 51.39% Space Free | Partition Type: NTFS
Drive D: | 89.99 Gb Total Space | 33.66 Gb Free Space | 37.40% Space Free | Partition Type: NTFS
Drive E: | 90.00 Gb Total Space | 2.41 Gb Free Space | 2.68% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDY-4CD233BBA
Current User Name: Sandy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Adobe\Distillr\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\WINDOWS\System32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\McShield.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - E:\wareznAppz\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (0170681246563817mcinstcleanup [Auto | Stopped]) -- File not found
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McAfeeFramework [Unknown | Stopped]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\McShield.exe (McAfee, Inc.)
SRV - (McSysmon [Disabled | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [On_Demand | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (msftesql [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
SRV - (MSSQLSERVER [Auto | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Stopped]) -- File not found
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Spooler [Auto | Stopped]) -- File not found
SRV - (SQLBrowser [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (VAIO Event Service [Auto | Running]) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Stopped]) -- C:\WINDOWS\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (AR5416 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\athw.sys (Atheros Communications, Inc.)
DRV - (DMICall [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (ggflt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (paldrv [Auto | Running]) -- C:\WINDOWS\System32\pal_drv.sys (Mercury Interactive Corp.)
DRV - (PQNTDrv [System | Running]) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rimsptsk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (risdptsk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\risdptsk.sys (REDC)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SFEP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SFEP.sys (Sony Corporation)
DRV - (SNC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SonyNC.sys (Sony Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (UIUSys [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS (Conexant Systems, Inc)
DRV - (vmm [System | Running]) -- C:\WINDOWS\System32\Drivers\vmm.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/18 02:20:58 | 00,000,000 | ---D | M]


O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (BHOManager Class) - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\System32\BHOManager.dll (Mercury Interactive (Israel) Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {cb102763-7a8e-41f1-81b2-e47f3145b19d} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Sandy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: gmail.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1238929790593 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\HTLFP {03B7A5D4-96B0-4316-95F8-072D326A58F1} - C:\Program Files\HP\QuickTest Professional\bin\ielpview.dll (Mercury Interactive (Israel) Ltd.)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vfsp {E4CB5121-E242-11D4-8ED6-00010219EB22} - C:\Program Files\HP\QuickTest Professional\bin\VFSProtocol.dll (Mercury Interactive (Israel) Ltd.)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\WINDOWS\System32\ShellHook.dll (Mercury Interactive (Israel) Ltd.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/05 04:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/26 13:38:05 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/07/25 19:15:40 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/25 19:04:23 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/07/25 19:04:23 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/07/25 19:04:23 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/07/25 19:00:05 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/07/25 18:19:52 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/24 16:15:58 | 00,006,213 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\InfoPass...htm
[2009/07/24 16:15:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Desktop\InfoPass.._files
[2009/07/23 03:48:47 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/07/23 03:48:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2009/07/23 03:44:27 | 00,001,092 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTest Professional.lnk
[2009/07/23 03:20:15 | 14,786,31511 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\T6510-15063 (1).zip
[2009/07/22 15:32:15 | 30,817,97632 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/22 15:16:10 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/22 15:16:09 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/22 15:16:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/22 15:11:50 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/22 15:11:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/22 15:11:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/22 15:11:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/22 15:11:50 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/22 15:11:50 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/22 15:11:50 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/22 15:11:50 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/22 15:02:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/07/22 14:27:20 | 00,000,000 | ---D | C] -- C:\Program Files\hesjer
[2009/07/20 19:03:59 | 00,058,368 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Sandeep_Rayapalli Validations.doc
[2009/07/19 22:09:33 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2009/07/18 20:23:51 | 00,200,704 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Reuters_TestHarness_STR.xls
[2009/07/18 20:23:21 | 00,018,944 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Cycle_Report.xls
[2009/07/18 20:22:45 | 00,217,686 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Part2.zip
[2009/07/18 20:22:27 | 00,443,250 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Part1.zip
[2009/07/16 22:51:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Temp
[2009/07/15 14:25:42 | 01,987,320 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Sys Report
[2009/07/15 13:50:34 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2009/07/15 13:29:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/07/15 01:22:03 | 24,539,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/14 17:49:32 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/13 17:00:06 | 00,075,264 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\AUPM - OSM Self Help Portal Initial Trial1.2 (3).doc
[2009/07/13 16:59:01 | 00,129,024 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\OSM_testcases1 (1).doc
[2009/07/13 16:52:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Desktop\New Folder
[2009/07/13 16:51:51 | 00,156,672 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Copy_Deck_OSM_Self_Help_Portal1.5 (2).ppt
[2009/07/12 23:59:14 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/12 19:39:43 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/07/12 19:39:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/07/12 19:38:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2009/07/12 17:19:50 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\tuviyaji
[2009/07/12 16:11:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/12 16:11:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/07/12 13:48:11 | 00,000,620 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2009/07/12 13:27:19 | 00,161,816 | ---- | C] () -- C:\WINDOWS\RegGenieOnUninstall.exe
[2009/07/12 13:27:15 | 00,000,000 | ---D | C] -- C:\Program Files\RegGenie
[2009/07/12 01:54:05 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/12 01:54:05 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/12 01:54:05 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/12 01:54:05 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/12 01:54:05 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/12 01:54:05 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/12 01:54:05 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/12 01:54:05 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/12 01:54:05 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/12 01:54:05 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/11 16:35:16 | 01,123,840 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\shobha%20facial%20pain[1].ppt
[2009/07/11 10:06:04 | 00,065,024 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Low Back Pain.ppt
[2009/07/10 16:59:54 | 00,002,290 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Google Chrome.lnk
[2009/07/08 02:47:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Local Settings\Application Data\WMTools Downloaded Files
[2009/07/08 02:08:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Application Data\Apple Computer
[2009/07/08 01:51:59 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/07/08 01:51:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/07/08 01:51:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Apple
[2009/07/08 01:51:42 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/07/08 01:51:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/07/08 01:51:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Local Settings\Application Data\Apple Computer
[2009/07/06 18:59:19 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/06 18:59:19 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/06 18:59:19 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/06 18:59:19 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/06 18:59:19 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/06 18:33:36 | 00,086,528 | ---- | C] () -- C:\Documents and Settings\Sandy\Desktop\Sandy QA Resume.doc
[2009/07/06 18:33:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Desktop\DESKTOP
[2009/07/03 11:10:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2009/07/03 01:24:45 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/02 18:37:15 | 00,000,211 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/02 15:47:43 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/02 15:47:17 | 00,143,360 | ---- | C] (Inner Media, Inc.) -- C:\WINDOWS\System32\dunzip32.dll
[2009/07/02 15:43:46 | 00,033,832 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/07/02 15:43:44 | 00,201,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/07/02 15:43:44 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/07/02 15:43:44 | 00,040,488 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/07/02 15:43:44 | 00,035,240 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/07/02 15:43:41 | 00,113,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/07/02 15:43:30 | 00,000,340 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/07/02 15:43:29 | 00,000,332 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/07/02 15:43:21 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/07/02 15:43:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/07/02 15:25:27 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/02 15:25:27 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/02 15:25:27 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/02 15:25:27 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/02 15:25:27 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/02 15:25:27 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/02 15:25:27 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/02 15:25:27 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/02 15:25:27 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/02 15:25:27 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/02 15:25:27 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/02 15:25:27 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/02 15:25:27 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/02 15:25:27 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/02 15:25:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/02 15:25:27 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/02 15:25:27 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/02 15:25:27 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/02 15:25:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/02 06:05:22 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/07/02 06:05:22 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/07/02 06:05:20 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2009/07/02 06:05:20 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grpconv.exe
[2009/07/02 02:42:37 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/07/02 00:25:43 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Virtual PC
[2009/06/30 18:12:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sandy\Local Settings\Application Data\AOL
[2009/06/30 18:12:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/06/30 18:12:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/06/30 18:12:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/06/30 18:11:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2009/06/30 18:11:26 | 00,000,459 | -H-- | C] () -- C:\IPH.PH
[2009/06/14 22:00:14 | 00,000,029 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/06/12 18:12:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\flight4a.INI
[2009/06/10 19:50:11 | 00,001,005 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2009/05/14 19:00:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2009/05/14 18:35:11 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2009/05/04 15:03:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/05/04 14:53:28 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2009/05/04 14:53:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2009/04/14 07:28:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\designer.INI
[2009/04/12 12:00:29 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2009/04/06 08:08:23 | 00,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/05 06:08:12 | 00,000,718 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/05 02:18:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2004/08/03 20:56:44 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\q5ealqp.dll
[2004/08/03 20:56:44 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/03 20:56:44 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/03 20:56:44 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/03 20:56:44 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/03 20:56:44 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\gg9cgr5.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\zujmcc7.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\y6fu7tx.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\w5vrz2q.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\uqpd6xl.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\tvz8qoc.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\ticx4i3.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\t3sa0we.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\qaerr51.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\pd3o9ux.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\npnumj5.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\l889h3y.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\kmixqv7.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\j8je0n2.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\d73hj5x.dll
[2001/08/23 10:00:00 | 00,000,653 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 10:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/07/29 23:54:34 | 00,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== Files - Modified Within 30 Days ==========

[2009/07/26 13:25:51 | 00,013,753 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/07/26 13:24:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/26 13:23:37 | 00,002,239 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/07/26 13:23:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/26 13:23:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/26 13:23:15 | 30,817,97632 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/26 01:53:56 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/25 21:04:18 | 00,084,992 | ---- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/25 19:04:00 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/25 18:26:46 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/07/24 16:15:57 | 00,006,213 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\InfoPass...htm
[2009/07/23 15:23:50 | 00,000,355 | ---- | M] () -- C:\WINDOWS\System32\gg9cgr5.tgz
[2009/07/23 15:23:50 | 00,000,115 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.tgz
[2009/07/23 15:23:49 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2009/07/23 04:36:43 | 04,316,660 | -H-- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\IconCache.db
[2009/07/23 03:47:29 | 00,000,718 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/07/23 03:47:10 | 00,001,005 | ---- | M] () -- C:\WINDOWS\mercury.ini
[2009/07/23 03:44:27 | 00,001,092 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTest Professional.lnk
[2009/07/23 03:33:09 | 14,786,31511 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\T6510-15063 (1).zip
[2009/07/20 19:41:18 | 00,058,368 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Sandeep_Rayapalli Validations.doc
[2009/07/18 20:23:51 | 00,200,704 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Reuters_TestHarness_STR.xls
[2009/07/18 20:23:21 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Cycle_Report.xls
[2009/07/18 20:22:45 | 00,217,686 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Part2.zip
[2009/07/18 20:22:27 | 00,443,250 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Part1.zip
[2009/07/17 00:06:24 | 00,042,944 | ---- | M] () -- C:\Documents and Settings\Sandy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/16 22:51:29 | 00,002,290 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Google Chrome.lnk
[2009/07/16 10:47:52 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 14:25:42 | 01,987,320 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Sys Report
[2009/07/15 01:17:39 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/07/13 20:02:40 | 00,007,116 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services
[2009/07/13 17:00:06 | 00,075,264 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\AUPM - OSM Self Help Portal Initial Trial1.2 (3).doc
[2009/07/13 16:59:01 | 00,129,024 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\OSM_testcases1 (1).doc
[2009/07/13 16:51:52 | 00,156,672 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Copy_Deck_OSM_Self_Help_Portal1.5 (2).ppt
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/12 23:56:24 | 00,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/12 19:40:58 | 00,000,653 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/12 19:39:43 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/07/12 19:07:00 | 00,000,620 | ---- | M] () -- C:\WINDOWS\RegGenie.ini
[2009/07/12 17:20:38 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\tuviyaji
[2009/07/12 17:19:33 | 00,000,211 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/07/12 16:19:11 | 00,316,342 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090712-184512.backup
[2009/07/12 15:34:38 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090712-161911.backup
[2009/07/12 00:51:51 | 00,065,024 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\Low Back Pain.ppt
[2009/07/11 16:35:16 | 01,123,840 | ---- | M] () -- C:\Documents and Settings\Sandy\Desktop\shobha%20facial%20pain[1].ppt
[2009/07/10 17:24:03 | 00,579,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/10 17:24:03 | 00,483,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/10 17:24:03 | 00,088,742 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/07 08:10:58 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/04 11:48:14 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/02 15:43:30 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/07/02 05:47:49 | 00,000,218 | ---- | M] () -- C:\WINDOWS\System32\runPublishUtil.bat
[2009/07/01 17:13:16 | 00,161,816 | ---- | M] () -- C:\WINDOWS\RegGenieOnUninstall.exe
[2009/06/30 18:12:31 | 00,000,459 | -H-- | M] () -- C:\IPH.PH
< End of report >
=====================


Thanks,
Sandy.

#9 kahdah (Security Colleague, 11,138 posts, Gender: Male, Location: Florida)

Posted 26 July 2009 - 06:16 PM

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse; once you have done that, click on the Open button, then Submit.)

C:\WINDOWS\System32\zujmcc7.dll
C:\WINDOWS\System32\y6fu7tx.dll
C:\WINDOWS\System32\w5vrz2q.dll
C:\WINDOWS\System32\uqpd6xl.dll
C:\WINDOWS\System32\l889h3y.dll

Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete; please copy and paste those results in your next post.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
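One thing worth knowing before uploading the five files listed above: each is 16 bytes, and a Windows PE image needs at least a complete 64-byte DOS header, so none of them can be loaded as a DLL and a scanner that reports nothing on them is behaving as expected. A clean verdict on the files says nothing about how they came to be there. The script below is an added example for this thread, not part of kahdah's instructions and not OTL's, Jotti's or VirusTotal's own code. It does two things a responder would want at this step: it parses OTL "Files Created" lines (the excerpt is copied from the log above) and flags the System32 entries worth a look, and it fingerprints candidate files locally, computing SHA-256 and checking for DOS and PE headers, so the hash can be searched before anything is uploaded. The two sample files it fingerprints are constructed in a temporary directory, and the VirusTotal hash-lookup URL layout is an assumption.

```python
import hashlib
import os
import re
import struct
import tempfile

# A PE image must begin with a complete 64-byte IMAGE_DOS_HEADER.
MIN_PE_SIZE = 64
# Assumed layout of VirusTotal's per-hash page; adjust if it changes.
VT_LOOKUP = "https://www.virustotal.com/gui/file/"

# OTL line layout: [timestamp | size | RHSD attrs | C or M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>.{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- "
    r"(?P<path>.*?)(?: -- \[ NTFS \])?$"
)

# Lines copied from the OTL log above (a constructed subset for the demo).
SAMPLE_LOG = r"""
[2009/07/26 13:38:05 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/07/22 15:16:09 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/12 17:19:50 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\tuviyaji
[2004/08/03 20:56:44 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\q5ealqp.dll
[2004/08/03 20:56:44 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\zujmcc7.dll
"""


def parse_otl_line(line):
    """Return a dict for one OTL file line, or None if the line is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": m.group("ts"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),             # positions: R H S D
        "kind": m.group("kind"),               # C = created, M = modified
        "company": m.group("company") or "",   # empty when OTL found no version info
        "path": m.group("path"),
    }


def triage(entry):
    """Reasons an entry deserves a closer look; an empty list means none."""
    reasons = []
    if entry["attrs"][3] == "D" or "\\system32\\" not in entry["path"].lower():
        return reasons                         # skip directories and non-System32 paths
    name = entry["path"].rsplit("\\", 1)[-1].lower()
    exe_like = name.endswith((".dll", ".sys", ".exe"))
    hidden = entry["attrs"][1] == "H"
    no_company = entry["company"] == ""
    if exe_like and entry["size"] < MIN_PE_SIZE:
        reasons.append("too small to be a PE image")
    if hidden and no_company:
        reasons.append("hidden file with no version info")
    if exe_like and no_company and entry["size"] < 4096:
        reasons.append("small executable-named file with no version info")
    return reasons


def triage_log(text):
    """Map path -> reasons for every flagged line in an OTL log excerpt."""
    flagged = {}
    for line in text.strip().splitlines():
        entry = parse_otl_line(line)
        if entry and triage(entry):
            flagged[entry["path"]] = triage(entry)
    return flagged


def pe_check(data):
    """'pe' if data carries DOS and PE headers, otherwise why it cannot be a PE."""
    if len(data) < MIN_PE_SIZE:
        return "too short for a DOS header"
    if data[:2] != b"MZ":
        return "no MZ magic"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "no PE signature"
    return "pe"


def fingerprint(path):
    """Hash a local file and sanity-check its headers before uploading it."""
    with open(path, "rb") as fh:
        data = fh.read()
    digest = hashlib.sha256(data).hexdigest()
    return {"path": path, "size": len(data), "sha256": digest,
            "pe": pe_check(data), "lookup": VT_LOOKUP + digest}


def build_minimal_pe_stub():
    """Constructed 68-byte blob: a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    hdr = bytearray(MIN_PE_SIZE)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, MIN_PE_SIZE)   # e_lfanew -> offset 64
    return bytes(hdr) + b"PE\0\0"


def run_demo():
    """Triage the sample log, then fingerprint two constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        tiny = os.path.join(tmp, "zujmcc7.dll")      # stand-in for a 16-byte file
        with open(tiny, "wb") as fh:
            fh.write(b"0123456789abcdef")
        stub = os.path.join(tmp, "stub.dll")
        with open(stub, "wb") as fh:
            fh.write(build_minimal_pe_stub())
        prints = [fingerprint(tiny), fingerprint(stub)]
    return {"flagged": triage_log(SAMPLE_LOG), "fingerprints": prints}


if __name__ == "__main__":
    report = run_demo()
    for path, reasons in report["flagged"].items():
        print(path, "->", "; ".join(reasons))
    for fp in report["fingerprints"]:
        print(fp["size"], fp["pe"], fp["lookup"])
```

Run it as-is to see the constructed demo; to use it on a real OTL log, feed the log text to triage_log and the flagged paths to fingerprint. The header check is deliberately shallow (DOS header plus PE signature only): it answers "could a scanner even parse this as an executable", not "is this malicious". A file that fails it was either never an executable or was deliberately written to look like one by name alone, and in both cases the question becomes what created it, which the creation timestamps in the log help with.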

#10 san_scorpio9 (Topic Starter, Members, 7 posts)

Posted 26 July 2009 - 06:39 PM

I have scanned with both of the online scanners. Nothing came up.

#11 kahdah (Security Colleague, 11,138 posts, Gender: Male, Location: Florida)

Posted 26 July 2009 - 09:14 PM

As a final check - Please perform the following online scan:

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#12 san_scorpio9 (Topic Starter, Members, 7 posts)

Posted 26 July 2009 - 10:30 PM

Hello Kahdah,

I did scan with ESET and nothing came up. Does it mean my system is free of spyware, malware and all?
Thank you very much for your help.

Cheers,
Sandy.

#13 kahdah (Security Colleague, 11,138 posts, Gender: Male, Location: Florida)

Posted 27 July 2009 - 06:56 AM

Ahh, sorry, didn't mean to post that twice.

Cleanup:

Please double click on OTL to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Delete/uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that you're all set.


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow is a tutorial on what you can do if your computer is slow.
