Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MFeed Redirect Malware


  • This topic is locked This topic is locked
11 replies to this topic

#1 Kyle26

Kyle26

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:51 AM

Posted 25 January 2010 - 08:06 PM

I was having trouble with the MFeed redirect from google searches, my Gmail was also messed up. I've ran search and destroy and done a system restore for a week previous. I'd be grateful if someone could take a look at my most recent log and let me know where I'm at. Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:49 PM, on 1/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kyle\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [dagobarapa] Rundll32.exe "C:\WINDOWS\system32\titohoru.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dagobarapa] Rundll32.exe "C:\WINDOWS\system32\titohoru.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: wichvh.dll c:\windows\system32\mewisale.dll c:\windows\system32\gugakeje.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9782 bytes


BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:51 PM

Posted 01 February 2010 - 07:07 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS or GMER log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  1. Click on the My Controls link at the top of the page to enter your control panel.
  2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 Kyle26

Kyle26
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:51 AM

Posted 01 February 2010 - 10:20 PM

gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-01 19:09:36
Windows 5.1.2600 Service Pack 3
Running: 9zlbz40c.exe; Driver: C:\DOCUME~1\Kyle\LOCALS~1\Temp\fwrcyaoc.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF73F8506]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF73E7240]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF73E7432]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF73F8CC8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF73F8F88]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF73F73EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF73F93EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF73F87B8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF73E6EF0]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF72AF1CE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF72AF13A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF72AF124]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xF72AF150]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF72AF20E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF72AF17C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF72AEFE4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF72AEFF8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF72AF1E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xF72AF1B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF72AF10E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF72AF0F8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xF72AF1A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xF72AF190]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF72AF060]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF72AF04C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xF72AF166]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF72AF224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF72AF1F8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP F72AF1FC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP F72AF1D2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2004 7 Bytes JMP F72AF212 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E12 5 Bytes JMP F72AF228 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E8 7 Bytes JMP F72AF1E6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB40A 5 Bytes JMP F72AEFE8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB696 5 Bytes JMP F72AEFFC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE54 5 Bytes JMP F72AF050 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1704 5 Bytes JMP F72AF064 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EA 7 Bytes JMP F72AF0FC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622062 7 Bytes JMP F72AF16A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622900 7 Bytes JMP F72AF112 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF2 7 Bytes JMP F72AF13E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425C 7 Bytes JMP F72AF128 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EAA 7 Bytes JMP F72AF1BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062516A 5 Bytes JMP F72AF194 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwLoadKey2 806255BA 7 Bytes JMP F72AF154 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585E 5 Bytes JMP F72AF1A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625978 5 Bytes JMP F72AF180 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01500FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01500F72
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0150005D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01500F83
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01500F94
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01500FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01500F3A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01500082
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 015000A4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01500F0B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 015000BF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01500036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0150000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01500F57
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0150001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01500FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01500093
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 014F0FB2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 014F0F6B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 014F0FC3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 014F0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 014F0028
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 014F0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 014F0F86
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [6F, 89]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 014F0F97
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] msvcrt.dll!_wsystem 77C2931E 3 Bytes JMP 014E0044
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] msvcrt.dll!_wsystem + 4 77C29322 1 Byte [89]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] msvcrt.dll!system 77C293C7 3 Bytes JMP 014E0FB9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] msvcrt.dll!system + 4 77C293CB 1 Byte [89]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] msvcrt.dll!_creat 77C2D40F 3 Bytes JMP 014E0018
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] msvcrt.dll!_creat + 4 77C2D413 1 Byte [89]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] msvcrt.dll!_open 77C2F566 5 Bytes JMP 014E0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] msvcrt.dll!_wcreat 77C2FC9B 3 Bytes JMP 014E0029
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] msvcrt.dll!_wcreat + 4 77C2FC9F 1 Byte [89]
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 014E0FDE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[340] WS2_32.dll!socket 71AB4211 5 Bytes JMP 014D0000
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AC0086
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AC0075
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AC0064
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AC0047
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AC0FCA
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AC0F4A
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AC0F5B
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AC00C8
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AC0F25
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AC00D9
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AC0FA5
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AC0F76
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AC0036
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AC0025
.text C:\WINDOWS\system32\svchost.exe[420] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AC00AD
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AB0FCA
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AB0087
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AB0FE5
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AB001B
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AB006C
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AB005B
.text C:\WINDOWS\system32\svchost.exe[420] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AB0036
.text C:\WINDOWS\system32\svchost.exe[420] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AA0053
.text C:\WINDOWS\system32\svchost.exe[420] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AA0042
.text C:\WINDOWS\system32\svchost.exe[420] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AA0FD2
.text C:\WINDOWS\system32\svchost.exe[420] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\svchost.exe[420] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AA0027
.text C:\WINDOWS\system32\svchost.exe[420] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AA000C
.text C:\WINDOWS\system32\svchost.exe[420] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00A90FCA
.text C:\WINDOWS\system32\svchost.exe[420] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00A90FEF
.text C:\WINDOWS\system32\svchost.exe[420] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00A90FB9
.text C:\WINDOWS\system32\svchost.exe[420] WININET.dll!InternetOpenUrlW 771D5BB2 3 Bytes JMP 00A9000C
.text C:\WINDOWS\system32\svchost.exe[420] WININET.dll!InternetOpenUrlW + 4 771D5BB6 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[420] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A80FEF
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00F77
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00062
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00051
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00040
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C0002F
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C00F46
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00098
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C000D5
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C000BA
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C000E6
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C00FA8
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00FDE
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C00087
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C0001E
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C00FCD
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C000A9
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0F9E
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF0F4D
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF0FB9
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF0F68
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0F8D
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0FAD
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0FC8
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0FD9
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE000C
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0038
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE001D
.text C:\WINDOWS\system32\services.exe[752] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0007005E
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F69
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070F7A
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F97
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007002F
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetStartupInfoW 7C801E54 1 Byte [E9]
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F58
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000700A0
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700D9
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070F36
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F1B
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070FA8
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070079
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070014
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FC3
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F47
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FAF
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0006002F
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060F7C
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060F8D
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 88]
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060F9E
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050070
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050055
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050029
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0005003A
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\lsass.exe[764] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C70000
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C70F8F
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C70084
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C70FAA
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C70073
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C7003D
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C700C6
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C70F7E
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C70F48
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C70F59
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C700FC
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C70062
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C70FDB
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C700A9
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C7002C
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C7001B
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C700E1
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C60FC3
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C60F68
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C60FDE
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C60F8D
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C6000A
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C60F9E
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E6, 88] {OUT 0x88, AL}
.text C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C60025
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C50F75
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C5000A
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C50FB5
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C50FE3
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C50F9A
.text C:\WINDOWS\system32\svchost.exe[996] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C50FC6
.text C:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C4000A
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F65
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A005A
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A003D
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F80
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0022
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0075
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F39
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F08
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0097
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A00BC
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0F9B
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FDB
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F4A
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0011
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FC0
.text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0086
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290036
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F9E
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FE5
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290025
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0029005B
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290000
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290FB9
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290FCA
.text C:\WINDOWS\System32\svchost.exe[1104] msvcrt.dll!_wsystem 77C2931E 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1104] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0022
.text C:\WINDOWS\System32\svchost.exe[1104] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0011
.text C:\WINDOWS\System32\svchost.exe[1104] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0000
.text C:\WINDOWS\System32\svchost.exe[1104] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\System32\svchost.exe[1104] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FA1
.text C:\WINDOWS\System32\svchost.exe[1104] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0FC6
.text C:\WINDOWS\System32\svchost.exe[1104] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CC009D
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CC0082
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC0FA8
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CC0065
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CC0FC3
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CC00DF
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CC00B8
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC0115
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC0F72
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CC0F61
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CC004A
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CC000A
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CC0F8D
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CC0FD4
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CC0025
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CC00F0
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CB0F9E
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CB003D
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CB0FAF
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CB0FCA
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CB0022
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CB0011
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CA0078
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CA0FE3
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CA0038
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CA0053
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CA0011
.text C:\WINDOWS\system32\svchost.exe[1108] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00700FEF
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00700F9B
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00700090
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00700073
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00700062
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0070002C
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00700F6F
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00700F80
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007000F7
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007000E6
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00700F4D
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0070003D
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00700FD4
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007000AB
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0070001B
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0070000A
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00700F5E
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006F0FDE
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006F0FA8
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006F0FEF
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006F0025
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006F0FC3
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006F0000
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 006F0065
.text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006F004A
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E0F9A
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E0025
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E0FC6
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E0FE3
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E0FAB
.text C:\WINDOWS\System32\svchost.exe[1168] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E0000
.text C:\WINDOWS\System32\svchost.exe[1168] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006D0000
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 04EF0FE5
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 04EF0053
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 04EF0F68
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 04EF0F79
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 04EF0F8A
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 04EF0011
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 04EF0F32
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 04EF0F43
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 04EF00B0
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 04EF0F0D
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 04EF00CB
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 04EF002C
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 04EF0000
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 04EF006E
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 04EF0FA5
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 04EF0FC0
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 04EF008B
.text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 04EE0FD4
.text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 04EE006C
.text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 04EE001B
.text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 04EE0000
.text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 04EE005B
.text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 04EE0FEF
.text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 04EE0FB9
.text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0E, 8D]
.text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 04EE0040
.text C:\WINDOWS\System32\svchost.exe[1224] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 04ED0FB2
.text C:\WINDOWS\System32\svchost.exe[1224] msvcrt.dll!system 77C293C7 5 Bytes JMP 04ED0FC3
.text C:\WINDOWS\System32\svchost.exe[1224] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 04ED0029
.text C:\WINDOWS\System32\svchost.exe[1224] msvcrt.dll!_open 77C2F566 5 Bytes JMP 04ED0FEF
.text C:\WINDOWS\System32\svchost.exe[1224] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 04ED0FD4
.text C:\WINDOWS\System32\svchost.exe[1224] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 04ED0018
.text C:\WINDOWS\System32\svchost.exe[1224] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02440FEF
.text C:\WINDOWS\System32\svchost.exe[1224] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 04EC0FE5
.text C:\WINDOWS\System32\svchost.exe[1224] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 04EC0000
.text C:\WINDOWS\System32\svchost.exe[1224] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 04EC0011
.text C:\WINDOWS\System32\svchost.exe[1224] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 04EC0FBE
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00700FEF
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00700F61
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00700056
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00700F7C
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00700F8D
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00700FA8
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00700F46
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0070008E
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007000BA
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00700F21
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00700F06
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0070002F
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00700000
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00700071
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00700FB9
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00700FD4
.text C:\WINDOWS\System32\svchost.exe[1308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007000A9
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006F0F9E
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006F0F68
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006F0FB9
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006F0FD4
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006F0025
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006F0FE5
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006F0F83
.text C:\WINDOWS\System32\svchost.exe[1308] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E0058
.text C:\WINDOWS\System32\svchost.exe[1308] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E0FCD
.text C:\WINDOWS\System32\svchost.exe[1308] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E0FEF
.text C:\WINDOWS\System32\svchost.exe[1308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E0000
.text C:\WINDOWS\System32\svchost.exe[1308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E0FDE
.text C:\WINDOWS\System32\svchost.exe[1308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E001D
.text C:\WINDOWS\System32\svchost.exe[1308] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006D000A
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007B0071
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007B0060
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007B0043
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007B0F86
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007B0FA1
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007B008C
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007B0F50
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007B00C9
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007B00B8
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007B00EE
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007B0028
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007B0FDE
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007B0F61
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007B0FB2
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007B0FC3
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007B009D
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007A0FD4
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007A0076
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007A0025
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007A0FEF
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 007A005B
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 007A0000
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 007A0FB9
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [9A, 88]
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 007A0040
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00790047
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!system 77C293C7 5 Bytes JMP 00790FC6
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00790011
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00790FE3
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0079002C
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00790000
.text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B00F61
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B00056
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B00F7C
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B00F8D
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B0002F
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B0008C
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B00F46
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B000DD
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B000C2
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B00F29
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B00FA8
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B00FDE
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B00071
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B00FB9
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B0000A
.text C:\WINDOWS\system32\svchost.exe[1460] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B0009D
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AF0FCA
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AF005B
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AF001B
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AF000A
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AF004A
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AF0FE5
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AF0FA8
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CF, 88]
.text C:\WINDOWS\system32\svchost.exe[1460] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AF0FB9
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AE0038
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AE0FB7
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AE0FE3
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AE000C
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AE0FD2
.text C:\WINDOWS\system32\svchost.exe[1460] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AE001D
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A00F66
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A00F77
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A00051
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A00040
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A00F9E
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A00F3A
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A00082
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A00F0E
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A0009D
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A00EF3
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00025
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A00FE5
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A00F55
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A00FB9
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A00FCA
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A00F29
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0FB9
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F0065
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009F0040
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009F0FEF
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009F002F
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009F0FA8
.text C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0FB7
.text C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0038
.text C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E000C
.text C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E001D
.text C:\WINDOWS\system32\svchost.exe[1508] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0FDE
.text C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D0000
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01420FEF
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 014200AB
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01420090
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0142007F
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01420058
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01420036
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01420F9B
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 014200E3
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01420F6F
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014200FE
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01420119
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01420047
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0142000A
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 014200C6
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01420025
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01420FD4
.text C:\WINDOWS\Explorer.EXE[1920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01420F80
.text C:\WINDOWS\Explorer.EXE[1920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\Explorer.EXE[1920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FE0FAF
.text C:\WINDOWS\Explorer.EXE[1920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FE0036
.text C:\WINDOWS\Explorer.EXE[1920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FE0025
.text C:\WINDOWS\Explorer.EXE[1920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FE0FCA
.text C:\WINDOWS\Explorer.EXE[1920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FE0000
.text C:\WINDOWS\Explorer.EXE[1920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FE0062
.text C:\WINDOWS\Explorer.EXE[1920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FE0051
.text C:\WINDOWS\Explorer.EXE[1920] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA0F9C
.text C:\WINDOWS\Explorer.EXE[1920] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA0FB7
.text C:\WINDOWS\Explorer.EXE[1920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA0FD2
.text C:\WINDOWS\Explorer.EXE[1920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0000
.text C:\WINDOWS\Explorer.EXE[1920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA0027
.text C:\WINDOWS\Explorer.EXE[1920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BA0FE3
.text C:\WINDOWS\Explorer.EXE[1920] WININET.dll!InternetOpenW 771BAF49 5 Bytes JMP 00B8001B
.text C:\WINDOWS\Explorer.EXE[1920] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00B80000
.text C:\WINDOWS\Explorer.EXE[1920] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00B80042
.text C:\WINDOWS\Explorer.EXE[1920] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\Explorer.EXE[1920] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C1006C
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10F6D
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10051
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10F94
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10FB9
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C10F5C
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10098
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C100C9
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C10F30
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C10F15
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10040
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C1007D
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10025
.text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C10F41
.text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00FCD
.text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C0004A
.text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C00014
.text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00FDE
.text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C0002F
.text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C00F97
.text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E0, 88] {LOOPNZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00FB2
.text C:\WINDOWS\system32\svchost.exe[2076] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0F97
.text C:\WINDOWS\system32\svchost.exe[2076] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF002C
.text C:\WINDOWS\system32\svchost.exe[2076] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0011
.text C:\WINDOWS\system32\svchost.exe[2076] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0FE3
.text C:\WINDOWS\system32\svchost.exe[2076] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0FBC
.text C:\WINDOWS\system32\svchost.exe[2076] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[2076] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC00BA
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC00A9
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC008E
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC007D
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0051
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC00E1
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0F99
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC00FC
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC0F63
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BC0F48
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BC006C
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC001B
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BC0FAA
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BC0036
.text C:\WINDOWS\system32\svchost.exe[2096] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BC0F7E
.text C:\WINDOWS\system32\svchost.exe[2096] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BB0036
.text C:\WINDOWS\system32\svchost.exe[2096] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BB0F9E
.text C:\WINDOWS\system32\svchost.exe[2096] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BB0025
.text C:\WINDOWS\system32\svchost.exe[2096] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BB0014
.text C:\WINDOWS\system32\svchost.exe[2096] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BB0FAF
.text C:\WINDOWS\system32\svchost.exe[2096] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[2096] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BB0FCA
.text C:\WINDOWS\system32\svchost.exe[2096] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DB, 88]
.text C:\WINDOWS\system32\svchost.exe[2096] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BB0051
.text C:\WINDOWS\system32\svchost.exe[2096] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA0FA3
.text C:\WINDOWS\system32\svchost.exe[2096] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA0038
.text C:\WINDOWS\system32\svchost.exe[2096] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA0FE3
.text C:\WINDOWS\system32\svchost.exe[2096] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[2096] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA0FC8
.text C:\WINDOWS\system32\svchost.exe[2096] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BA001D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E9006E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E90F79
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E90F94
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E90051
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E90036
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E90F41
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E90F5E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90F0B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E90F1C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E900C9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E90FAF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E90014
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E90089
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E90025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E90FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E9009A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E80FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E80FA8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E80036
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E8001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E80FC3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E80000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E80FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [08, 89]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E80051
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E70042
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E70031
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E70FD2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E70000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E70FB7
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E70FE3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2408] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F3F
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0034
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F5A
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F6B
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0F97
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F11
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F2E
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0074
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0EE5
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0085
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0F7C
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0059
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FB2
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\system32\dllhost.exe[2904] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0EF6
.text C:\WINDOWS\system32\dllhost.exe[2904] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290FC8
.text C:\WINDOWS\system32\dllhost.exe[2904] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290FD9
.text C:\WINDOWS\system32\dllhost.exe[2904] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0029002E
.text C:\WINDOWS\system32\dllhost.exe[2904] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0029000C
.text C:\WINDOWS\system32\dllhost.exe[2904] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0029003F
.text C:\WINDOWS\system32\dllhost.exe[2904] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0029001D
.text C:\WINDOWS\system32\dllhost.exe[2904] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0011
.text C:\WINDOWS\system32\dllhost.exe[2904] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0F5B
.text C:\WINDOWS\system32\dllhost.exe[2904] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\dllhost.exe[2904] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FD4
.text C:\WINDOWS\system32\dllhost.exe[2904] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0F76
.text C:\WINDOWS\system32\dllhost.exe[2904] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FE5
.text C:\WINDOWS\system32\dllhost.exe[2904] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002A0022
.text C:\WINDOWS\system32\dllhost.exe[2904] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0FA5
.text C:\WINDOWS\system32\dllhost.exe[2904] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AB000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----


DDS Log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Kyle at 17:04:01.76 on Mon 02/01/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.201 [GMT -8:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Kyle\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mDefault_Page_URL = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [Aim6]
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [BuildBU] c:\dell\bldbubg.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
AppInit_DLLs: wichvh.dll c:\windows\system32\mewisale.dll c:\windows\system32\gugakeje.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kyle\applic~1\mozilla\firefox\profiles\j6esr8jx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - gmail.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\documents and settings\kyle\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-27 340592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-17 130424]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2008-9-29 143088]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-1-27 67904]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-28 24652]
R3 Angel;Angel MPEG Device;c:\windows\system32\drivers\Angel.sys [2005-9-15 375936]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-27 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-27 42424]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-1-27 64432]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-17 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-17 1095560]

=============== Created Last 30 ================

2010-01-26 00:55:28 0 d-----w- c:\program files\TrendMicro
2010-01-26 00:40:01 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-25 03:47:18 0 ----a-w- c:\windows\system32\񀿉
2010-01-25 03:37:06 0 d-----w- C:\ComboFix(2)
2010-01-25 02:27:22 0 d-----w- C:\cmdcons
2010-01-13 02:20:47 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2009-12-22 05:21:05 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:21:05 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-22 05:21:03 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-22 05:21:02 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-12-22 05:21:00 3071488 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-22 05:20:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-22 05:20:58 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-12-08 14:47:21 289584 ----a-w- c:\program files\uTorrent.exe
2009-11-12 00:09:23 229592 ----a-w- c:\windows\system32\FNTCACHE.DAT

============= FINISH: 17:05:06.98 ===============


Thank you!


#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:51 PM

Posted 02 February 2010 - 01:24 PM

Hello, Kyle26
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 Kyle26

Kyle26
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:51 AM

Posted 02 February 2010 - 10:15 PM

Schrauber,

I was unable to save ComboFix to a new name. When downloading I was never given a prompt that allowed me to do so. I hope this still works. Thanks.

ComboFix 10-02-02.02 - Kyle 02/02/2010 18:34:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.548 [GMT -8:00]
Running from: c:\documents and settings\Kyle\Desktop\combofix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\bszip.dll
c:\windows\system32\Data
c:\windows\Tasks\ipfmavnt.job

----- BITS: Possible infected sites -----

hxxp://82.98.235.29
.
((((((((((((((((((((((((( Files Created from 2010-01-03 to 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-01-13 02:20 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 04:52 . 2010-01-11 04:52 127903 ----a-w- c:\documents and settings\Kyle\Application Data\Move Networks\uninstall.exe
2010-01-11 04:52 . 2010-01-11 05:48 -------- d-----w- c:\documents and settings\Kyle\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 02:57 . 2009-01-28 14:52 -------- d-----w- c:\documents and settings\Kyle\Application Data\uTorrent
2010-01-26 00:55 . 2010-01-26 00:55 388096 ----a-r- c:\documents and settings\Kyle\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-26 00:55 . 2010-01-26 00:55 -------- d-----w- c:\program files\TrendMicro
2010-01-26 00:39 . 2009-03-26 20:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 00:39 . 2009-01-28 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-01-23 21:03 . 2009-01-30 14:05 -------- d-----w- c:\documents and settings\Kyle\Application Data\HPAppData
2010-01-11 04:52 . 2009-05-27 23:29 4183416 ----a-w- c:\documents and settings\Kyle\Application Data\Move Networks\plugins\npqmp071502000008.dll
2010-01-05 11:00 . 2009-01-28 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-22 05:21 . 2004-08-19 20:49 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-19 20:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-08 14:47 . 2009-01-28 14:57 289584 ----a-w- c:\program files\uTorrent.exe
2009-11-21 15:51 . 2004-08-19 20:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 04:00 . 2009-11-17 04:00 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-12 00:34 . 2009-11-12 00:34 152576 ----a-w- c:\documents and settings\Kyle\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-12 00:33 . 2009-11-12 00:33 79488 ----a-w- c:\documents and settings\Kyle\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2008-09-29 16:07 . 2009-01-28 04:37 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-30 339968]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-15 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-12 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/17/2009 10:20 AM 130424]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [9/29/2008 8:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/27/2009 8:37 PM 67904]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/28/2009 6:15 AM 24652]
R3 Angel;Angel MPEG Device;c:\windows\system32\drivers\Angel.sys [9/15/2005 6:54 AM 375936]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/27/2009 8:37 PM 64432]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/17/2009 10:19 AM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kyle\Application Data\Mozilla\Firefox\Profiles\j6esr8jx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - gmail.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - plugin: c:\documents and settings\Kyle\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-BuildBU - c:\dell\bldbubg.exe
AddRemove-Soulseek - c:\program files\Soulseek\uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 18:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-02 18:42:22
ComboFix-quarantined-files.txt 2010-02-03 02:42

Pre-Run: 83,442,999,296 bytes free
Post-Run: 83,575,517,184 bytes free

- - End Of File - - F09877D70C79321A52CDCB05E988EFBA


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:51 PM

Posted 03 February 2010 - 01:34 PM

Hi,

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt



  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#7 Kyle26

Kyle26
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:51 AM

Posted 03 February 2010 - 10:47 PM

Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/3/2010 6:42:14 PM
mbam-log-2010-02-03 (18-42-14).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 199216
Time elapsed: 1 hour(s), 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\fias4051 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP329\A0022325.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP330\A0022499.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP330\A0022688.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP339\A0026096.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP339\A0026201.sys (Malware.Trace) -> Quarantined and deleted successfully.


ESET found no threats and I was never given the option to save a log file.


OTL.Txt:

OTL logfile created on: 2/3/2010 7:31:26 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Kyle\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 269.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 77.79 Gb Free Space | 53.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WORSTCOMPUTER
Current User Name: Kyle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/03 16:38:48 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kyle\Desktop\OTL.exe
PRC - [2010/01/07 06:44:41 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/28 20:21:26 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2008/09/29 08:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/09/29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2008/09/29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2008/09/29 08:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2008/09/29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/26 02:25:18 | 000,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/03/25 21:27:58 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/03/25 20:49:02 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/25 20:49:00 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/25 20:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/03/14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 04:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/03/14 04:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/09/15 07:24:52 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/03/30 01:57:08 | 000,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/02/23 13:19:56 | 000,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/12/05 22:05:00 | 000,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2004/07/27 13:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2000/06/26 04:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
PRC - [1999/12/13 12:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/03 16:38:48 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kyle\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/09/29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2008/09/29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2008/09/29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2008/09/29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 20:38:24 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/03/30 01:57:08 | 000,360,448 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/07/15 01:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2000/06/26 04:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/13 12:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "gmail.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/01/27 21:52:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 06:44:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 06:44:48 | 000,000,000 | ---D | M]

[2009/01/27 20:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Extensions
[2010/02/02 19:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\j6esr8jx.default\extensions
[2009/06/17 15:31:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\j6esr8jx.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/02/02 19:23:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/29 08:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/03/31 19:01:41 | 000,000,728 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 13:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/19 12:52:10 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/03 18:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/03 16:38:38 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kyle\Desktop\OTL.exe
[2010/02/02 19:12:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/02 17:36:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/02 17:34:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/02 17:34:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/02 17:34:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/02 17:34:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/25 16:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/24 19:37:06 | 000,000,000 | ---D | C] -- C:\ComboFix(2)
[2010/01/24 18:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/24 14:53:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2009/05/11 15:03:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/09 19:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/01/31 12:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/01/28 06:57:53 | 000,289,584 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\uTorrent.exe
[2005/09/15 06:54:24 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2004/08/19 13:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/19 12:57:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/03 18:42:22 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\hpkitm.sys
[2010/02/03 16:40:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/03 16:40:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/03 16:40:41 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/03 16:40:05 | 004,067,328 | ---- | M] () -- C:\Documents and Settings\Kyle\NTUSER.DAT
[2010/02/03 16:39:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kyle\ntuser.ini
[2010/02/03 16:38:48 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kyle\Desktop\OTL.exe
[2010/02/03 16:37:11 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\esetsmartinstaller_enu.exe
[2010/02/03 16:36:21 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/02 18:40:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/02 17:36:14 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/02/01 19:48:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/01 07:18:45 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Microsoft Word .lnk
[2010/01/28 18:59:20 | 000,098,816 | ---- | M] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/26 20:15:00 | 067,712,791 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\The Ricky Gervais Guide To The Human Body.mp3
[2010/01/26 06:42:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kyle\񀿉
[2010/01/25 16:41:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/25 16:37:43 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yibapepi
[2010/01/24 19:47:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\񀿉
[2010/01/23 03:00:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\yibapepi
[2010/02/03 18:42:22 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpkitm.sys
[2010/02/03 16:36:58 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\esetsmartinstaller_enu.exe
[2010/02/02 17:34:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/02 17:34:36 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/02 17:34:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/02 17:34:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/02 17:34:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/26 20:09:20 | 067,712,791 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\The Ricky Gervais Guide To The Human Body.mp3
[2010/01/24 19:47:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\񀿉
[2010/01/24 18:27:28 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/01/24 18:27:25 | 000,260,272 | ---- | C] () -- C:\cmldr
[2009/02/01 09:27:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/01 09:27:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/28 07:08:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/27 21:46:13 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/01/27 19:56:39 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/27 16:24:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/27 16:21:20 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\fusioncache.dat
[2005/09/15 07:36:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/15 07:26:40 | 000,000,273 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/15 07:20:13 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/09/15 07:20:05 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/09/15 07:20:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/09/15 07:19:59 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/09/15 06:54:24 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/09/15 06:54:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/09/15 06:54:14 | 000,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2005/09/15 06:54:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2005/09/15 06:53:52 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/05 11:50:14 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\dlbtplc.ini
[2005/04/09 14:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 13:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 13:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/01/28 06:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/06/17 15:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/03/26 11:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/17 15:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/30 19:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/11/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/13 19:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/28 06:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\acccore
[2009/01/28 19:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\BSplayer
[2009/01/28 19:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\BSplayer Pro
[2010/02/03 18:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\uTorrent
[2009/05/19 05:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 02:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 02:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/31 09:24:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/31 09:24:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 20:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 20:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 02:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 02:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/31 09:24:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/31 09:24:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 19:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 19:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 19:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 19:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 02:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 02:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 02:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 02:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 02:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 02:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


Extras.Txt

OTL Extras logfile created on: 2/3/2010 7:31:26 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Kyle\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 269.00 Mb Available Physical Memory | 26.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 77.79 Gb Free Space | 53.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WORSTCOMPUTER
Current User Name: Kyle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\uTorrent.exe" = C:\Program Files\uTorrent.exe:*:Enabled:礣orrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83C1CC71-704D-4B4D-8382-7C3B53B2FC65}" = G21922EN
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4200_Help
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11
"RealPlayer 6.0" = RealPlayer Basic
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 6.0
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ESPN Java Check" = ESPN Java Check
"Move Media Player" = Move Media Player
"uTorrent" = 礣orrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2010 11:31:41 PM | Computer Name = WORSTCOMPUTER | Source = MsiInstaller | ID = 11706
Description = Product: PSSWCORE -- Error 1706. An installation package for the product
PSSWCORE cannot be found. Try the installation again using a valid copy of the
installation package 'PSSWCORE.msi'.

Error - 1/24/2010 11:34:47 PM | Computer Name = WORSTCOMPUTER | Source = MsiInstaller | ID = 11706
Description = Product: PSSWCORE -- Error 1706. An installation package for the product
PSSWCORE cannot be found. Try the installation again using a valid copy of the
installation package 'PSSWCORE.msi'.

Error - 1/24/2010 11:35:54 PM | Computer Name = WORSTCOMPUTER | Source = MsiInstaller | ID = 11706
Description = Product: PSSWCORE -- Error 1706. An installation package for the product
PSSWCORE cannot be found. Try the installation again using a valid copy of the
installation package 'PSSWCORE.msi'.

Error - 1/24/2010 11:37:48 PM | Computer Name = WORSTCOMPUTER | Source = MsiInstaller | ID = 11706
Description = Product: PSSWCORE -- Error 1706. An installation package for the product
PSSWCORE cannot be found. Try the installation again using a valid copy of the
installation package 'PSSWCORE.msi'.

Error - 1/24/2010 11:41:10 PM | Computer Name = WORSTCOMPUTER | Source = MsiInstaller | ID = 11706
Description = Product: PSSWCORE -- Error 1706. An installation package for the product
PSSWCORE cannot be found. Try the installation again using a valid copy of the
installation package 'PSSWCORE.msi'.

Error - 1/24/2010 11:47:00 PM | Computer Name = WORSTCOMPUTER | Source = MsiInstaller | ID = 11706
Description = Product: PSSWCORE -- Error 1706. An installation package for the product
PSSWCORE cannot be found. Try the installation again using a valid copy of the
installation package 'PSSWCORE.msi'.

Error - 1/25/2010 1:56:47 AM | Computer Name = WORSTCOMPUTER | Source = MsiInstaller | ID = 11706
Description = Product: PSSWCORE -- Error 1706. An installation package for the product
PSSWCORE cannot be found. Try the installation again using a valid copy of the
installation package 'PSSWCORE.msi'.

Error - 1/25/2010 8:37:41 PM | Computer Name = WORSTCOMPUTER | Source = MsiInstaller | ID = 11706
Description = Product: PSSWCORE -- Error 1706. An installation package for the product
PSSWCORE cannot be found. Try the installation again using a valid copy of the
installation package 'PSSWCORE.msi'.

Error - 2/1/2010 9:10:45 PM | Computer Name = WORSTCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application 9zlbz40c.exe, version 1.0.15.15281, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/3/2010 8:38:56 PM | Computer Name = WORSTCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/24/2010 6:16:32 PM | Computer Name = WORSTCOMPUTER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/24/2010 11:28:38 PM | Computer Name = WORSTCOMPUTER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/25/2010 8:47:19 PM | Computer Name = WORSTCOMPUTER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/26/2010 10:41:33 AM | Computer Name = WORSTCOMPUTER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/27/2010 10:47:50 AM | Computer Name = WORSTCOMPUTER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/28/2010 10:35:16 AM | Computer Name = WORSTCOMPUTER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/31/2010 1:32:51 PM | Computer Name = WORSTCOMPUTER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 2/1/2010 11:18:11 PM | Computer Name = WORSTCOMPUTER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 2/2/2010 10:33:05 PM | Computer Name = WORSTCOMPUTER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 2/3/2010 8:43:29 PM | Computer Name = WORSTCOMPUTER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >


#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:51 PM

Posted 05 February 2010 - 12:53 PM

Hi,


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 18...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.





Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    [2010/01/25 16:37:43 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\yibapepi
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#9 Kyle26

Kyle26
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:51 AM

Posted 09 February 2010 - 08:12 PM

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
File C:\WINDOWS\System32\yibapepi not found.

OTL by OldTimer - Version 3.1.27.1 log created on 02092010_170540










OTL logfile created on: 2/9/2010 5:07:15 PM - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Kyle\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 343.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 43.79 Gb Free Space | 30.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WORSTCOMPUTER
Current User Name: Kyle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\Kyle\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kyle\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMDM PMSP Service) -- C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (elagopro) -- C:\WINDOWS\system32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\WINDOWS\system32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Angel) -- C:\WINDOWS\system32\drivers\Angel.sys (Emuzed, Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "gmail.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/01/27 21:52:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/02/09 17:01:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 06:44:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 06:44:48 | 000,000,000 | ---D | M]

[2009/01/27 20:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Extensions
[2009/01/27 20:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/02/09 17:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\j6esr8jx.default\extensions
[2009/06/17 15:31:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\j6esr8jx.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/06/17 15:31:54 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\j6esr8jx.default\searchplugins\aim-search.xml
[2010/02/09 17:02:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/07 06:44:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/06 07:34:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/01 08:51:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/09 20:52:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010/02/09 17:01:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/01/07 06:44:40 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/07 06:44:40 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/09/29 08:07:00 | 000,022,576 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/02/09 17:01:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/09/26 08:40:34 | 000,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2010/01/07 06:44:43 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003/07/14 22:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2004/12/14 01:19:18 | 000,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/11/16 20:11:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/16 20:11:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/16 20:11:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/16 20:11:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/16 20:11:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/11/16 20:11:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/16 20:11:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/08/21 05:17:38 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/21 05:17:38 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/21 05:17:38 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/21 05:17:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/21 05:17:38 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/21 05:17:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/21 05:17:38 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/03/31 19:01:41 | 000,000,728 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 13:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/09 17:03:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/09 17:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/09 17:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/09 17:01:27 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/09 17:01:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/09 17:01:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/09 17:01:27 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/09 16:57:24 | 016,254,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Kyle\Desktop\jre-6u18-windows-i586.exe
[2010/02/08 20:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/02/08 19:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\.SunDownloadManager
[2010/02/05 08:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\RJ Betti
[2010/02/03 18:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/03 16:38:38 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kyle\Desktop\OTL.exe
[2010/02/02 19:12:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/02 17:36:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/02 17:34:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/02 17:34:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/02 17:34:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/02 17:34:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/25 16:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/24 19:37:06 | 000,000,000 | ---D | C] -- C:\ComboFix(2)
[2010/01/24 18:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/24 14:53:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/01/12 18:20:47 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/10 20:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\Move Networks
[2009/05/11 15:03:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/09 19:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/01/31 12:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/01/28 06:57:53 | 000,319,280 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\uTorrent.exe
[2005/09/15 06:54:24 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2004/08/19 13:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/19 12:57:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/09 17:00:57 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/09 17:00:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/09 17:00:57 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/09 17:00:57 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/09 17:00:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/09 16:59:20 | 016,254,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Kyle\Desktop\jre-6u18-windows-i586.exe
[2010/02/09 16:56:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kyle\񀿉
[2010/02/09 16:53:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 16:53:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/09 16:53:04 | 1071,796,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/09 16:50:33 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 16:46:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kyle\ntuser.ini
[2010/02/09 16:46:53 | 004,067,328 | ---- | M] () -- C:\Documents and Settings\Kyle\NTUSER.DAT
[2010/02/08 21:44:18 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent.exe
[2010/02/08 20:40:12 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 19:48:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/03 16:38:48 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kyle\Desktop\OTL.exe
[2010/02/03 16:37:11 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\esetsmartinstaller_enu.exe
[2010/02/03 16:36:21 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/02 18:40:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/02 17:36:14 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/02/01 07:18:45 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Microsoft Word .lnk
[2010/01/25 16:41:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/24 19:47:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\񀿉
[2010/01/12 17:33:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/03 16:36:58 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\esetsmartinstaller_enu.exe
[2010/02/02 17:34:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/02 17:34:36 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/02 17:34:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/02 17:34:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/02 17:34:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/24 19:47:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\񀿉
[2010/01/24 18:27:28 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/01/24 18:27:25 | 000,260,272 | ---- | C] () -- C:\cmldr
[2009/02/01 09:27:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/01 09:27:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/28 07:08:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/27 21:46:13 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/01/27 19:56:39 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/27 16:24:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/01/27 16:21:20 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\fusioncache.dat
[2005/09/15 07:36:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/15 07:26:40 | 000,000,273 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/15 07:20:13 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/09/15 07:20:05 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/09/15 07:20:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/09/15 07:19:59 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/09/15 06:54:24 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/09/15 06:54:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/09/15 06:54:14 | 000,102,480 | ---- | C] () -- C:\WINDOWS\System32\EzRating.dll
[2005/09/15 06:54:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EzdCoIns.dll
[2005/09/15 06:53:52 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/05 11:50:14 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\dlbtplc.ini
[2005/04/09 14:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 13:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 13:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:51 PM

Posted 10 February 2010 - 02:15 PM

Hi,


Delete ComboFix and Clean Up
Click Start > Run > type combofix /Uninstall > OK (Note the space between combofix and /Uninstall)
Please advise if this step is missed for any reason as it performs some important actions.




Please run OTL one more time and hit Cleanup. This will remove OTL and all helper tools.




Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean smile.gif



Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.


Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:
  1. If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.

  2. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.

  3. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.

  4. If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites

  5. Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.

  6. Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.

  7. When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.

  8. Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.

  9. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.

  10. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Make Internet Explorer 7 more secure
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    1. Change the Download signed ActiveX controls to Prompt
    2. Change the Download unsigned ActiveX controls to Disable
    3. Change the Initialize and script ActiveX controls not marked as safe to Disable
    4. Change the Installation of desktop items to Prompt
    5. Change the Launching programs and files in an IFRAME to Prompt
    6. Change the Navigate sub-frames across different domains to Prompt
    7. When all these settings have been made, click on the OK button.
    8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  5. Next press the Apply button and then the OK to exit the Internet Properties page.

Use an AntiVirus Software

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


Install SpywareBlaster

SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#11 Kyle26

Kyle26
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:51 AM

Posted 11 February 2010 - 12:56 AM

Awesome. Thank you very much for your time!

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:05:51 PM

Posted 13 February 2010 - 06:56 AM

You're welcome smile.gif

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. smile.gif

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users