Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infection that wont let Mcafee or other programs open such as itunes and instal shield


  • This topic is locked This topic is locked
33 replies to this topic

#1 ohcrap

ohcrap

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:19 AM

Posted 12 March 2010 - 09:47 PM

Sorry, I don't know the specific name of the infection or problem im having, but various programs are not being allowed to open. Mcafee doesn't open. itunes says it has encountered an error and needs to close, same thing with install shield and real player. Any help would be awesome. Not sure how all this works but if I haven't described the problem with enough detail, again sorry.


DDS (Ver_09-12-01.01) - NTFSx86
Run by BRANDO at 21:07:08.20 on Tue 03/09/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.118 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Documents and Settings\BRANDO\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\documents and settings\brando\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://chatsupport.palm.com/sdccommon/download/tgctlcm.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brando\applic~1\mozilla\firefox\profiles\kj9gs1nw.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\brando\application data\mozilla\firefox\profiles\kj9gs1nw.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-18 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-18 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-18 144704]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\ehmpgl.sys --> c:\windows\system32\drivers\ehmpgl.sys [?]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-18 773448]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-18 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-18 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-18 40488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-18 33832]

=============== Created Last 30 ================

2010-02-15 19:30:21 0 d-----w- c:\program files\iPod
2010-02-15 19:29:42 0 d-----w- c:\program files\iTunes
2010-02-10 16:40:41 0 d-----w- c:\docume~1\brando\applic~1\Malwarebytes
2010-02-10 16:40:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-12-31 16:14:12 352640 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 12:58:04 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:35:35 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2007-04-01 01:02:43 56 --sh--r- c:\windows\system32\BC77B6034D.sys
2007-04-01 01:02:43 2776 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:08:40.18 ===============

Attached Files


Edited by ohcrap, 12 March 2010 - 09:53 PM.


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:19 PM

Posted 14 March 2010 - 01:38 PM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 ohcrap

ohcrap
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:19 AM

Posted 14 March 2010 - 08:06 PM

Here's the OTL LOG, thanks tons!!

OTL logfile created on: 3/14/2010 8:35:00 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\BRANDO\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 86.00 Mb Available Physical Memory | 17.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.99 Gb Total Space | 37.51 Gb Free Space | 52.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2W77Z71
Current User Name: BRANDO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/14 20:33:21 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BRANDO\Desktop\OTL.exe
PRC - [2010/03/10 08:32:33 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/18 08:09:43 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/11/01 19:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,542,704 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/03/04 11:26:08 | 000,688,128 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/10/30 14:59:54 | 000,466,944 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/13 16:33:20 | 000,229,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (IntelŪ Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 16:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/08/19 14:40:08 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/07/27 16:50:18 | 000,155,648 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/06/09 14:27:34 | 000,548,864 | ---- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/03/14 20:33:21 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BRANDO\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/05 10:04:10 | 000,773,448 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/11/07 09:35:40 | 000,447,816 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/03/07 15:47:46 | 000,146,480 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/10/25 21:01:52 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (IntelŪ Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
DRV - [2007/12/02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/13 06:20:24 | 000,113,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/06/19 17:47:01 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/05/13 02:46:20 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/10 22:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/11/16 16:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/21 20:56:04 | 003,210,496 | ---- | M] (IntelŪ Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/18 14:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 20:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 20:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 20:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 20:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1890377505-581007740-1627237116-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-1890377505-581007740-1627237116-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1890377505-581007740-1627237116-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1890377505-581007740-1627237116-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/10 08:34:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/10 08:34:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/10 08:35:15 | 000,000,000 | ---D | M]

[2008/12/14 20:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRANDO\Application Data\Mozilla\Extensions
[2010/03/12 10:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BRANDO\Application Data\Mozilla\Firefox\Profiles\kj9gs1nw.default\extensions
[2009/12/05 13:26:32 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\BRANDO\Application Data\Mozilla\Firefox\Profiles\kj9gs1nw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/12 10:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1890377505-581007740-1627237116-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1890377505-581007740-1627237116-1006..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O4 - HKU\S-1-5-21-1890377505-581007740-1627237116-1006..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\BRANDO\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1890377505-581007740-1627237116-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1890377505-581007740-1627237116-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-1890377505-581007740-1627237116-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://chatsupport.palm.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwa...are/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (Desktop Uninstall) - C:\WINDOWS\warnhp.html
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\BRANDO\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BRANDO\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2e022fbc-2ca1-11df-a282-00123fdbea91}\Shell\aUtOPLay\coMmand - "" = E:\umolu.pif -- File not found
O33 - MountPoints2\{2e022fbc-2ca1-11df-a282-00123fdbea91}\Shell\AutoRun\command - "" = E:\umolu.pif -- File not found
O33 - MountPoints2\{2e022fbc-2ca1-11df-a282-00123fdbea91}\Shell\ExPlOre\Command - "" = E:\umolu.pif -- File not found
O33 - MountPoints2\{2e022fbc-2ca1-11df-a282-00123fdbea91}\Shell\open\COMmAnD - "" = E:\umolu.pif -- File not found
O33 - MountPoints2\{33fa8106-f4a4-11de-a275-00123fdbea91}\Shell\autOplaY\coMmAnd - "" = E:\lgjv.cmd -- File not found
O33 - MountPoints2\{33fa8106-f4a4-11de-a275-00123fdbea91}\Shell\AutoRun\command - "" = E:\lgjv.cmd -- File not found
O33 - MountPoints2\{33fa8106-f4a4-11de-a275-00123fdbea91}\Shell\expLoRe\COMmand - "" = E:\lgjv.cmd -- File not found
O33 - MountPoints2\{33fa8106-f4a4-11de-a275-00123fdbea91}\Shell\open\CoMMaND - "" = E:\lgjv.cmd -- File not found
O33 - MountPoints2\{e9a8bcda-8267-11dd-a245-00123fdbea91}\Shell\AuTopLay\coMMand - "" = E:\tteha.exe -- File not found
O33 - MountPoints2\{e9a8bcda-8267-11dd-a245-00123fdbea91}\Shell\AutoRun\command - "" = E:\tteha.exe -- File not found
O33 - MountPoints2\{e9a8bcda-8267-11dd-a245-00123fdbea91}\Shell\exPLore\COmmand - "" = E:\tteha.exe -- File not found
O33 - MountPoints2\{e9a8bcda-8267-11dd-a245-00123fdbea91}\Shell\OpeN\cOmmAnD - "" = E:\tteha.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1890377505-581007740-1627237116-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/14 20:33:06 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BRANDO\Desktop\OTL.exe
[2010/03/12 19:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BRANDO\Desktop\gmer
[2010/03/12 09:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/10 18:49:02 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/10 08:37:11 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/03/10 08:37:11 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/03/10 08:34:25 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/03/10 08:33:53 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/03/10 08:33:53 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/03/10 08:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/10 08:28:41 | 000,891,928 | ---- | C] (RealNetworks, Inc.) -- C:\Documents and Settings\BRANDO\Desktop\RealPlayerSPGold.exe
[2010/03/09 13:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/03/09 13:25:11 | 005,011,848 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\BRANDO\Desktop\Silverlight.exe
[2010/03/03 10:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/02/15 14:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/15 14:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/15 14:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/17 20:59:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/17 20:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/06 09:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/04/15 10:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2006/04/15 10:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2006/02/14 01:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AlfaCleaner
[2005/09/12 16:05:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\GTek
[2005/08/01 18:04:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/07/28 18:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/08/10 13:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\Documents and Settings\BRANDO\Desktop\*.tmp files -> C:\Documents and Settings\BRANDO\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/14 20:33:21 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BRANDO\Desktop\OTL.exe
[2010/03/14 20:24:47 | 000,385,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 20:24:46 | 000,054,682 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 20:24:40 | 000,445,640 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 20:22:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/14 20:22:39 | 000,023,934 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/14 20:21:34 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration RunOnce Task.job
[2010/03/14 20:21:34 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1890377505-581007740-1627237116-1006.job
[2010/03/14 20:21:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/14 20:21:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/14 20:21:22 | 536,281,088 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/12 19:09:48 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\BRANDO\Desktop\gmer.zip
[2010/03/12 19:05:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\BRANDO\defogger_reenable
[2010/03/12 19:03:30 | 000,128,301 | ---- | M] () -- C:\Documents and Settings\BRANDO\Desktop\Defogger.exe
[2010/03/12 15:00:44 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1890377505-581007740-1627237116-1006.job
[2010/03/11 13:22:30 | 000,000,683 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2010/03/11 12:09:56 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/10 19:04:11 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\BRANDO\Desktop\Microsoft Office Word 2003.lnk
[2010/03/10 18:36:50 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\BRANDO\NTUSER.DAT
[2010/03/10 18:36:50 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\BRANDO\ntuser.ini
[2010/03/10 08:48:08 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\BRANDO\Application Data\mcs.rma
[2010/03/10 08:48:08 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\BRANDO\Application Data\A6FB7A
[2010/03/10 08:37:04 | 000,025,126 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/03/10 08:34:57 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/03/10 08:34:25 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/03/10 08:33:53 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/03/10 08:33:53 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/03/10 08:32:44 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/03/10 08:32:43 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/03/10 08:28:42 | 000,891,928 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\BRANDO\Desktop\RealPlayerSPGold.exe
[2010/03/09 23:11:36 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\BRANDO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/09 21:28:16 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/09 16:31:28 | 000,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/09 16:30:09 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/03/09 13:25:32 | 005,011,848 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\BRANDO\Desktop\Silverlight.exe
[2010/03/04 01:43:28 | 000,013,804 | -HS- | M] () -- C:\Documents and Settings\BRANDO\Local Settings\Application Data\jXP7U0T4
[2010/03/03 11:13:14 | 003,326,620 | ---- | M] () -- C:\Documents and Settings\BRANDO\My Documents\03-03-2010 10;13;14AM.PDF
[2010/03/03 11:09:46 | 004,319,709 | ---- | M] () -- C:\Documents and Settings\BRANDO\My Documents\03-03-2010 10;09;46AM.PDF
[2010/03/03 11:08:49 | 004,311,646 | ---- | M] () -- C:\Documents and Settings\BRANDO\My Documents\03-03-2010 10;08;47AM.PDF
[2010/02/26 15:47:00 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\BRANDO\Desktop\CA_Possible Cancellations.xls
[2010/02/15 14:19:59 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/02/15 14:12:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\Documents and Settings\BRANDO\Desktop\*.tmp files -> C:\Documents and Settings\BRANDO\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/12 19:09:46 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\BRANDO\Desktop\gmer.zip
[2010/03/12 19:05:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\BRANDO\defogger_reenable
[2010/03/12 19:03:30 | 000,128,301 | ---- | C] () -- C:\Documents and Settings\BRANDO\Desktop\Defogger.exe
[2010/03/10 08:45:22 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\BRANDO\Application Data\mcs.rma
[2010/03/10 08:45:22 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\BRANDO\Application Data\A6FB7A
[2010/03/10 08:35:10 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1890377505-581007740-1627237116-1006.job
[2010/03/10 08:35:07 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1890377505-581007740-1627237116-1006.job
[2010/03/10 08:34:57 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/03/03 23:42:24 | 000,013,804 | -HS- | C] () -- C:\Documents and Settings\BRANDO\Local Settings\Application Data\jXP7U0T4
[2010/03/03 11:13:14 | 003,326,620 | ---- | C] () -- C:\Documents and Settings\BRANDO\My Documents\03-03-2010 10;13;14AM.PDF
[2010/03/03 11:09:46 | 004,319,709 | ---- | C] () -- C:\Documents and Settings\BRANDO\My Documents\03-03-2010 10;09;46AM.PDF
[2010/03/03 11:08:48 | 004,311,646 | ---- | C] () -- C:\Documents and Settings\BRANDO\My Documents\03-03-2010 10;08;47AM.PDF
[2010/02/26 15:46:58 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\BRANDO\Desktop\CA_Possible Cancellations.xls
[2010/02/15 14:32:08 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/15 14:19:59 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/12/06 23:53:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/06 23:53:29 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/11/17 15:43:23 | 000,000,018 | ---- | C] () -- C:\Documents and Settings\BRANDO\Local Settings\Application Data\msesbucf.txt
[2006/02/10 01:10:37 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/12 18:48:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/26 11:31:45 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\fxtls432.dll
[2005/11/26 11:31:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ESUtil.dll
[2005/11/05 20:06:35 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/10/30 18:19:39 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\BC77B6034D.sys
[2005/09/03 22:28:13 | 000,002,776 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/03 13:38:50 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\BRANDO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/09 15:43:34 | 000,000,683 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/08/08 22:48:39 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\BRANDO\Application Data\PFP120JPR.{PB
[2005/08/08 22:48:39 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\BRANDO\Application Data\PFP120JCM.{PB
[2005/08/05 19:05:50 | 000,025,126 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/08/05 18:52:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/07/22 19:33:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/22 19:26:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/22 19:14:02 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/07/22 18:46:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/07/22 18:46:08 | 000,000,430 | ---- | C] () -- C:\WINDOWS\System32\dlbtplc.ini
[2005/07/22 18:44:56 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/11/09 18:11:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/11/09 18:10:28 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/11/09 18:05:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/11/09 17:59:26 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/08/23 14:42:30 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2004/08/23 14:40:14 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/08 14:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/11/18 02:00:00 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
< End of report >

OTL Extras logfile created on: 3/14/2010 8:35:00 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\BRANDO\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 86.00 Mb Available Physical Memory | 17.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.99 Gb Total Space | 37.51 Gb Free Space | 52.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D2W77Z71
Current User Name: BRANDO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1890377505-581007740-1627237116-1006\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1131237950\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1131237950\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSyncŪ Manager Application -- (PalmSource, Inc)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1131237950\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1131237950\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- File not found
"C:\PROGRA~1\ExamSoft\SofTest\SoftLnch.exe" = C:\PROGRA~1\ExamSoft\SofTest\SoftLnch.exe:*:Enabled:SofLaunch -- File not found
"C:\PROGRA~1\ExamSoft\SofTest\softest.exe" = C:\PROGRA~1\ExamSoft\SofTest\SofTest.exe:*:Enabled:SofTest -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"E:\lgjv.cmd" = E:\lgjv.cmd:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\evgpcq.exe" = C:\WINDOWS\TEMP\evgpcq.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\wincyuo.exe" = C:\WINDOWS\TEMP\wincyuo.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\fphx.exe" = C:\WINDOWS\TEMP\fphx.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\imdtas.exe" = C:\WINDOWS\TEMP\imdtas.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winvxsm.exe" = C:\WINDOWS\TEMP\winvxsm.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\fuqai.exe" = C:\WINDOWS\TEMP\fuqai.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winttasro.exe" = C:\WINDOWS\TEMP\winttasro.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\uxood.exe" = C:\WINDOWS\TEMP\uxood.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\qpnbv.exe" = C:\WINDOWS\TEMP\qpnbv.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\fgqvtc.exe" = C:\WINDOWS\TEMP\fgqvtc.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winkppyym.exe" = C:\WINDOWS\TEMP\winkppyym.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winesoyaa.exe" = C:\WINDOWS\TEMP\winesoyaa.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winvvsoy.exe" = C:\WINDOWS\TEMP\winvvsoy.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\weqwr.exe" = C:\WINDOWS\TEMP\weqwr.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\hitme.exe" = C:\WINDOWS\TEMP\hitme.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\dbmlu.exe" = C:\WINDOWS\TEMP\dbmlu.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\wincrfk.exe" = C:\WINDOWS\TEMP\wincrfk.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\ared.exe" = C:\WINDOWS\TEMP\ared.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\nykh.exe" = C:\WINDOWS\TEMP\nykh.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\iffvt.exe" = C:\WINDOWS\TEMP\iffvt.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\wwtc.exe" = C:\WINDOWS\TEMP\wwtc.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\xabxis.exe" = C:\WINDOWS\TEMP\xabxis.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winykyk.exe" = C:\WINDOWS\TEMP\winykyk.exe:*:Enabled:ipsec -- File not found
"C:\Program Files\Dell\QuickSet\quickset.exe" = C:\Program Files\Dell\QuickSet\quickset.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe:*:Enabled:ipsec -- (InstallShield Software Corporation)
"C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe" = C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe:*:Enabled:ipsec -- (Intel Corporation)
"C:\WINDOWS\TEMP\rclj.exe" = C:\WINDOWS\TEMP\rclj.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\winvoqh.exe" = C:\WINDOWS\TEMP\winvoqh.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\TEMP\roai.exe" = C:\WINDOWS\TEMP\roai.exe:*:Enabled:ipsec -- File not found
"C:\Program Files\Security Central\Security Central.exe" = C:\Program Files\Security Central\Security Central.exe:*:Enabled:ipsec -- File not found
"C:\Program Files\Apoint\Apoint.exe" = C:\Program Files\Apoint\Apoint.exe:*:Enabled:ipsec -- (Alps Electric Co., Ltd.)
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xfwko.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xfwko.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ylyy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ylyy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrbimfm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrbimfm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wbtbew.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wbtbew.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnpiaxg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnpiaxg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlxao.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlxao.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qmobt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qmobt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwtkwm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwtkwm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqcxyd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqcxyd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrtts.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrtts.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxjohr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxjohr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqeut.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqeut.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfumgwq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfumgwq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\weani.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\weani.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rsjqs.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rsjqs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lsht.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lsht.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dxyhs.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dxyhs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsmdml.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsmdml.exe:*:Enabled:ipsec -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winveestq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winveestq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\cftvcb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\cftvcb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rmup.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rmup.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winihlt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winihlt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\encpe.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\encpe.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ynrpg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ynrpg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qkkfrl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qkkfrl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjnvsx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjnvsx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\butvh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\butvh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlwmp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlwmp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvrcrhf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvrcrhf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ojypbt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ojypbt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbbjwgd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbbjwgd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineegry.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineegry.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmeud.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmeud.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvfutjq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvfutjq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wininmqmb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wininmqmb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winurkcc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winurkcc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingujbl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingujbl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mdjt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mdjt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhebm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhebm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winoawj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winoawj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vimv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vimv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windfstwj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windfstwj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vpqoc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vpqoc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxcvajg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxcvajg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\oovv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\oovv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvuirgj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvuirgj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineiqtch.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineiqtch.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lcktg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lcktg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ievp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ievp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\trcv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\trcv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwfpvh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwfpvh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincnoot.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincnoot.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnxuenl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnxuenl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfgqttv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfgqttv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wfyjkt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wfyjkt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnhfhc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnhfhc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uuji.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uuji.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\efhjwk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\efhjwk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ckom.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ckom.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winubilh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winubilh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\toqu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\toqu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfcyv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfcyv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windddyfy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windddyfy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winporixd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winporixd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ndriv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ndriv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfetn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfetn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfvwly.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfvwly.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingimx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingimx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winasud.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winasud.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ieni.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ieni.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winopfu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winopfu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintkvmp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintkvmp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\tgrmd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\tgrmd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winoedf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winoedf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winimwrrx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winimwrrx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\frdm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\frdm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winauccw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winauccw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ctifx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ctifx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mllt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mllt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qbkjoc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qbkjoc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfxrbev.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfxrbev.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrkrdw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrkrdw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlwdfoq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlwdfoq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gstfl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gstfl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vwiuyf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vwiuyf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uveu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uveu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmnddj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmnddj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbcultb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbcultb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winccaw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winccaw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\snhoij.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\snhoij.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uyekvt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uyekvt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winskmgfv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winskmgfv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wafbjb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wafbjb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winatqy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winatqy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windwye.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windwye.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjalpqt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjalpqt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrraj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrraj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmqim.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmqim.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjbdrg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjbdrg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincwnxjw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincwnxjw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbnpgi.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbnpgi.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfdhek.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfdhek.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpsypwe.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpsypwe.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uwkni.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uwkni.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingjyn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingjyn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fbhm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fbhm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfaicmo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfaicmo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineuuq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineuuq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhdacb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhdacb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rwulj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rwulj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lgww.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lgww.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winechwdc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winechwdc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\foalhb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\foalhb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dpaqwu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dpaqwu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gmklmt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gmklmt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\haceob.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\haceob.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlcmtdy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlcmtdy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhaepl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhaepl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnbrvb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnbrvb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvkku.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvkku.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\pefihh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\pefihh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bmhat.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bmhat.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windhrv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windhrv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnhwb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnhwb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvvtrv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvvtrv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvjbc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvjbc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvesu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvesu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\svsun.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\svsun.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hcfdh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hcfdh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winagbgow.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winagbgow.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintedr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintedr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winycfvcp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winycfvcp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvdqtjr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvdqtjr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxuvgaq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxuvgaq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvqaew.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvqaew.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjcwov.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjcwov.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gnjun.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gnjun.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winyefj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winyefj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpkdpgr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpkdpgr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlkvyle.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlkvyle.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dcajf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dcajf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbsbulh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbsbulh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnayyeo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnayyeo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\nbiey.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\nbiey.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwadqn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwadqn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winejqjie.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winejqjie.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkpfo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkpfo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingmbe.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingmbe.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mgwcrw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mgwcrw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\sbre.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\sbre.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winllfxa.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winllfxa.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jnsnq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jnsnq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnnet.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnnet.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mkxnb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mkxnb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnljhaj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnljhaj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqoinbl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqoinbl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuiub.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuiub.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vlnoso.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vlnoso.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winyfbp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winyfbp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkwgov.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkwgov.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqoivr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqoivr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winptnv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winptnv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iaif.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iaif.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhhnhg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhhnhg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winstvu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winstvu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpgjs.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpgjs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfhmsc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfhmsc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kyewk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kyewk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winllxi.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winllxi.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winojyr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winojyr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkswm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkswm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\djiro.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\djiro.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\sogqjo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\sogqjo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\faeae.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\faeae.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\guroy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\guroy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrftqu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrftqu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\otxqjt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\otxqjt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnmnsh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnmnsh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\cocc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\cocc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\pfkbj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\pfkbj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gvjbw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gvjbw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vxxmml.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vxxmml.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bnqur.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bnqur.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wqwjk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wqwjk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvuqiq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvuqiq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\biwa.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\biwa.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxfofaa.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxfofaa.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxfsihl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxfsihl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintyqxmq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintyqxmq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xuyry.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xuyry.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiwtp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiwtp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjtuhel.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjtuhel.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlqqrjm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlqqrjm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlolm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlolm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dxky.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dxky.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfyboh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfyboh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\trmu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\trmu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrhsgk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrhsgk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnwwy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnwwy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhiqfjb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhiqfjb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqgtvfh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqgtvfh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\scjqdq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\scjqdq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\omci.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\omci.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpxivg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpxivg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winymqsjs.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winymqsjs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjcjuvy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjcjuvy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\upumf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\upumf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ceqbv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ceqbv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbtbbae.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbtbbae.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winebdh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winebdh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkoofj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkoofj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxeqr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxeqr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windreik.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windreik.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winddljmq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winddljmq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbxih.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbxih.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\frqh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\frqh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlmoto.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlmoto.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnwmo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnwmo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmsemg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmsemg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\tjlbl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\tjlbl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windogxf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windogxf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winytou.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winytou.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlapb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlapb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvpfgw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvpfgw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbctxb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbctxb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkoany.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkoany.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xxnsqg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xxnsqg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iuab.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iuab.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\nkuq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\nkuq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\tnxo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\tnxo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mwnwsh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mwnwsh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windakiu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windakiu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winobwue.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winobwue.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhulpn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhulpn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ixveya.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ixveya.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqmmso.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqmmso.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winyhursl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winyhursl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkqerjs.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkqerjs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kyxr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kyxr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvqdvb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvqdvb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qgfqj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qgfqj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\nugsk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\nugsk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxeni.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxeni.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winniik.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winniik.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\onqk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\onqk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rgvvt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rgvvt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hleoy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hleoy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winylrrf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winylrrf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwwwynl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwwwynl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvjju.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvjju.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mpvjfw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mpvjfw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winschy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winschy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\eiec.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\eiec.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiwyjtk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiwyjtk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\pyvcv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\pyvcv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kfbbf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kfbbf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkugkfs.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkugkfs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hmafxm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hmafxm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winaxqu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winaxqu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winatsqvu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winatsqvu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbmwyg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbmwyg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qkbd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qkbd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winolgi.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winolgi.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjjkm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjjkm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gsybs.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gsybs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmrnhik.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmrnhik.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjdfipi.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjdfipi.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuwabl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuwabl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjxisrp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjxisrp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winipnq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winipnq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ydcwg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ydcwg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ycakvr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ycakvr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\idtgv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\idtgv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwlef.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwlef.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\npnstq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\npnstq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winktrxrq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winktrxrq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingpivyf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingpivyf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjnjhnk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjnjhnk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjsjq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjsjq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hpje.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hpje.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windpmpr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windpmpr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winprbg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winprbg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkqptbo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkqptbo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jkfjjh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jkfjjh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintvloe.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintvloe.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winadulu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winadulu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winddtnn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winddtnn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fvtnk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fvtnk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsrke.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsrke.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingflpv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingflpv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingejbjv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingejbjv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfybw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfybw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpimcuu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpimcuu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gyncun.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gyncun.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gabuxk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gabuxk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jdhibm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jdhibm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvyeyir.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvyeyir.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\eyuyxx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\eyuyxx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winghsy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winghsy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlqml.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlqml.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmwpp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmwpp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfcey.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfcey.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincbagv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincbagv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kfyyjn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kfyyjn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wrrebr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wrrebr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvrckvt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvrckvt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\muvuds.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\muvuds.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxvuba.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxvuba.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qpno.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qpno.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winedestm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winedestm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yoere.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yoere.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\cxoag.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\cxoag.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvaufi.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvaufi.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpneym.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpneym.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlfjdmg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlfjdmg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqopkkn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqopkkn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jokoq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jokoq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winogjkqo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winogjkqo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xreyhw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xreyhw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhfqmhg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhfqmhg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winoamtx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winoamtx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winonass.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winonass.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxsgeqt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxsgeqt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqnlmg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqnlmg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuckw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuckw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mjmnky.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mjmnky.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mxsvtl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mxsvtl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yggg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yggg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\odimp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\odimp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnjnyim.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnjnyim.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingnqv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingnqv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gkcu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gkcu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\tvuafe.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\tvuafe.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\oeoqmt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\oeoqmt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\comdvk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\comdvk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winoxklfa.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winoxklfa.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvdyhu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvdyhu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winghkwg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winghkwg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winooftx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winooftx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhjnebh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhjnebh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjxprd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjxprd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\baebcu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\baebcu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windrres.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windrres.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\idqap.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\idqap.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bephll.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bephll.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winthop.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winthop.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gjfkl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gjfkl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwuwkqj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwuwkqj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwxus.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwxus.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmjmgw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmjmgw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\nbqsg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\nbqsg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnncsdv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnncsdv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winncqrv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winncqrv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhgfofk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhgfofk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lpsnwt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lpsnwt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winynjq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winynjq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjvjsy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjvjsy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windeto.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windeto.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfgik.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfgik.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hixek.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hixek.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\riho.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\riho.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqywdl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqywdl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmqiaf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmqiaf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbyqm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbyqm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiivef.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiivef.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winppism.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winppism.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkefkoh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkefkoh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fwelu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fwelu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\swxjae.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\swxjae.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlciy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlciy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqyevud.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqyevud.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fbxg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fbxg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvppct.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvppct.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\icsk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\icsk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winodawm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winodawm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\oaajq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\oaajq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iajtx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iajtx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winucirxs.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winucirxs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ekogpe.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ekogpe.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincluqa.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincluqa.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yhvl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yhvl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrqctqv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrqctqv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windgjsi.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windgjsi.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\baxkpb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\baxkpb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\nbmgx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\nbmgx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uixas.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uixas.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingbhacs.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingbhacs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winftoxi.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winftoxi.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winoacjqy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winoacjqy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqobws.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqobws.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qtnirb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qtnirb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\pphyj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\pphyj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwcfy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwcfy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winaplaa.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winaplaa.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmvpmb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmvpmb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxggfgt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxggfgt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfjamg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfjamg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yykmy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yykmy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\utnab.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\utnab.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\puauvf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\puauvf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vdswc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vdswc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjvbh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjvbh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qdqtdq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qdqtdq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlkuhjf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlkuhjf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winngwoto.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winngwoto.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkfurx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkfurx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrreew.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrreew.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dncn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dncn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpkyydx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpkyydx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqxjy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqxjy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winavrr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winavrr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winoimpg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winoimpg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hhlks.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hhlks.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hjsyfc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hjsyfc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvooggk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvooggk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lvgxov.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lvgxov.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpjst.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpjst.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\oqduc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\oqduc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\tjxr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\tjxr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincpdoi.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincpdoi.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xqjpl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xqjpl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingkaph.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingkaph.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bwbrud.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bwbrud.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnqgdbp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnqgdbp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winderiyl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winderiyl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrpnio.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrpnio.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmqcw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmqcw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vgmsok.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vgmsok.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrtcyro.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrtcyro.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkarhdu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkarhdu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windcvoi.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windcvoi.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\piqwgn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\piqwgn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwgeaog.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwgeaog.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winflvww.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winflvww.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winobgfcj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winobgfcj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winenha.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winenha.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windrhevw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windrhevw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwxtmln.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwxtmln.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hqeh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hqeh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winufxoea.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winufxoea.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\sngspa.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\sngspa.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wiabx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wiabx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkxgpxp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkxgpxp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vnjv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vnjv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fmhd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fmhd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winyqquup.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winyqquup.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ettj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ettj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqkalh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqkalh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqhful.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqhful.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lrweev.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lrweev.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winytsex.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winytsex.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winibgleb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winibgleb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\powhv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\powhv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxwvg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxwvg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winohwmm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winohwmm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lpnry.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lpnry.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hyede.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hyede.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkxtvub.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkxtvub.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhqwmsi.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhqwmsi.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpdcws.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpdcws.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\sxhfgy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\sxhfgy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwsuhob.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwsuhob.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xmpq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xmpq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineusry.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineusry.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ltefea.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ltefea.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fxphwa.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fxphwa.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsmnl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsmnl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincxss.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincxss.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winstagd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winstagd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxcwbl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxcwbl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windcmfp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windcmfp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\khher.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\khher.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\geexe.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\geexe.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineqgd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineqgd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winttdxv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winttdxv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winotdby.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winotdby.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rclj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rclj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kmog.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kmog.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhxyjuj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhxyjuj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windjqcw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windjqcw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uhwr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uhwr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lvgi.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lvgi.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lvlbh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lvlbh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqkrbb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqkrbb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjvwf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjvwf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpprq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpprq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsytx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsytx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvuhn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvuhn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fwuhs.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fwuhs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintviw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintviw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnbdrw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnbdrw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yeqjdr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yeqjdr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winakhp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winakhp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dcufx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dcufx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmvyhd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmvyhd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bbnk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bbnk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingnwb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingnwb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vgxp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vgxp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\giij.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\giij.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkytbj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkytbj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfrkgw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfrkgw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\tbfyg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\tbfyg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lndbe.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lndbe.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnkvc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winnkvc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lixe.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lixe.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\eopj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\eopj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincdnwgj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincdnwgj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\cqhgie.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\cqhgie.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlxjgha.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlxjgha.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rcqdf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rcqdf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsrlnj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsrlnj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iukti.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iukti.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbjrdnk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbjrdnk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjrge.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjrge.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windegf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windegf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wmav.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wmav.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpfrrnb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpfrrnb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqmaoan.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqmaoan.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiuug.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiuug.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hgug.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hgug.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjwsu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjwsu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbpxm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbpxm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhtob.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhtob.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjcdabd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjcdabd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingkkpan.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingkkpan.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhaogu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhaogu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ecasd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ecasd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincqgtq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincqgtq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kapegb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kapegb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ncfa.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ncfa.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhtlt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhtlt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwcqq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwcqq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winskrvd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winskrvd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wafe.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wafe.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winopmxng.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winopmxng.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineowefl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineowefl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yibtaq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yibtaq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\csori.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\csori.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jxvo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jxvo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrubom.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrubom.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kpjd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kpjd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\drpa.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\drpa.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpckr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpckr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpcsxvt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpcsxvt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiipo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiipo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ekomt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ekomt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windwiay.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windwiay.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ytsq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ytsq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsrmd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsrmd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yonkbx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yonkbx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintnhkbv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintnhkbv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincehsvy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincehsvy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winixwede.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winixwede.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\askinh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\askinh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincwfxyj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincwfxyj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincqhs.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincqhs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwvwqbx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwvwqbx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqyfio.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqyfio.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winikfslo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winikfslo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vmnm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vmnm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winyexji.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winyexji.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mphbic.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mphbic.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windwydxc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windwydxc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bdiedf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bdiedf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vgqkux.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vgqkux.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bqlqo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bqlqo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winaydtgp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winaydtgp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winimdbj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winimdbj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winenvls.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winenvls.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ngeav.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ngeav.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbini.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbini.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rxsghm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rxsghm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ivkg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ivkg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\soynco.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\soynco.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winetitsl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winetitsl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kkkqn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kkkqn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qbkn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qbkn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bgoch.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bgoch.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vrcfxo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vrcfxo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bokoik.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\bokoik.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineker.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wineker.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiyqe.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiyqe.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kjce.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kjce.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winagwa.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winagwa.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\whkvpw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\whkvpw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiyriv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiyriv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yndpjh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yndpjh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iwrwc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iwrwc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\svhsu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\svhsu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lnnbrm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lnnbrm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rrgiy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rrgiy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincams.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincams.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfvtpf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfvtpf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wceg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wceg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxjlfmt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxjlfmt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkovtxu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkovtxu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqyct.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqyct.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jhxfg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jhxfg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\odsok.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\odsok.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\nboo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\nboo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlule.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlule.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yiwefm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yiwefm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fligu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fligu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xfhlr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xfhlr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxjyfrr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxjyfrr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqpdbe.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqpdbe.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wkvp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wkvp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkjjm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkjjm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winswxwhn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winswxwhn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuuwip.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuuwip.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windbexc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windbexc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winumshl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winumshl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\husk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\husk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vsedov.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vsedov.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmckasu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmckasu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwgqqy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwgqqy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\avcqyv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\avcqyv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iladk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iladk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\cvmks.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\cvmks.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\eyyddf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\eyyddf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qeuhyy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qeuhyy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ifewp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ifewp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmkjwn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmkjwn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fasqht.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fasqht.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\horp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\horp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\okihf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\okihf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjunsl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjunsl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\avppq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\avppq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxrvr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxrvr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuimb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuimb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ltct.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ltct.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjqtc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjqtc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\noqdli.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\noqdli.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqubfge.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqubfge.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\giacp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\giacp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vhkwc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vhkwc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincmklvm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincmklvm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsdsve.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsdsve.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvvgfky.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvvgfky.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wwqk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wwqk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\aqmpv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\aqmpv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\aqdtqb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\aqdtqb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winaommq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winaommq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winawiib.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winawiib.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jcxf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jcxf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hnjsb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hnjsb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmptij.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmptij.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ewsk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ewsk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjuhki.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjuhki.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lwrwmk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lwrwmk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fvhb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fvhb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winomnnj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winomnnj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jhcidh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jhcidh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winukha.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winukha.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintmuhb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintmuhb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvrkcpl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvrkcpl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uyxsmj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uyxsmj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winckppp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winckppp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkwwr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkwwr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rqkpoa.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rqkpoa.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qter.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qter.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuhgq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuhgq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhukb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhukb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingiyct.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingiyct.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yxoq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yxoq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windvxh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windvxh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintxagjc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintxagjc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\cvxvk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\cvxvk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincqytpd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincqytpd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winffphj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winffphj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\alfi.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\alfi.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmwpn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmwpn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\atims.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\atims.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winncilg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winncilg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\drfw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\drfw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\aipj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\aipj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yxhjrh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\yxhjrh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winowxe.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winowxe.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmugubm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmugubm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiunp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winiunp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpolfgh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpolfgh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xkqau.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xkqau.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jaxbo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jaxbo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dhxed.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\dhxed.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfgbfgs.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfgbfgs.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\prdia.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\prdia.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jjlerh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\jjlerh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kctjp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\kctjp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhmcr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhmcr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winooiihp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winooiihp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjidp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjidp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ehum.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ehum.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmactus.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmactus.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintipd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wintipd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\sibrro.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\sibrro.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvnylx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvnylx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ywswbl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ywswbl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rqcvc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rqcvc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\pmbn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\pmbn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winimyo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winimyo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\igur.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\igur.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmgwj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmgwj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrjiopq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrjiopq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winihbciv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winihbciv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xrgcw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xrgcw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winttguc.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winttguc.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ywbgy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ywbgy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuqmt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winuqmt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ampsr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ampsr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winamhplr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winamhplr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wlptxi.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wlptxi.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjwqweg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjwqweg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winknvoh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winknvoh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingmsr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wingmsr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\axxf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\axxf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rqcn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rqcn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbavubn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbavubn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winybddp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winybddp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjinps.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjinps.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrdhono.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrdhono.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qgofcg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qgofcg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\avjjnm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\avjjnm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxjut.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxjut.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbuim.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbuim.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\plbgwb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\plbgwb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lvqn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\lvqn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhyhxam.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhyhxam.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincfrv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincfrv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xnjyu.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xnjyu.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrrci.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrrci.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\joqid.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\joqid.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winaucsx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winaucsx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ihtynj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ihtynj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gjgyt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\gjgyt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iuntpg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\iuntpg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqkvm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqkvm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hxuskn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hxuskn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qysli.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\qysli.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsdmnt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winsdmnt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbjhesm.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbjhesm.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\llnwlo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\llnwlo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mglj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mglj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winyhah.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winyhah.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\awcxg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\awcxg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqsghfq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqsghfq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxbblr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxbblr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhdjsua.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winhdjsua.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\grdk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\grdk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfsvha.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfsvha.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxioxvy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxioxvy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincpys.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wincpys.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\obltre.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\obltre.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmducik.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmducik.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjamof.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjamof.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrphn.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrphn.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winccfaw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winccfaw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ljrqk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ljrqk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkimj.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkimj.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winegug.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winegug.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjealpa.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjealpa.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winopkf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winopkf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\buhlg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\buhlg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpnjjt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpnjjt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\eajw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\eajw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkfcmpt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winkfcmpt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbcvab.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winbcvab.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxhswie.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winxhswie.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\pheueq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\pheueq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlxkjaf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlxkjaf.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfpfnv.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfpfnv.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvxwbd.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winvxwbd.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mevupk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\mevupk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqktkg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winqktkg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winswksua.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winswksua.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwiwwdy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winwiwwdy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winivrt.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winivrt.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlsemyf.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlsemyf.exe:*:Enabled:ipsec -- File not found
"C:\Program Files\Real\RealUpgrade\realupgrade.exe" = C:\Program Files\Real\RealUpgrade\realupgrade.exe:*:Enabled:ipsec -- (RealNetworks, Inc.)
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmryy.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmryy.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fhodb.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\fhodb.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vqglg.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vqglg.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hijik.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hijik.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wakjyp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\wakjyp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vitxkx.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\vitxkx.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hkjo.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\hkjo.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmbqeqr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winmbqeqr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\blwdje.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\blwdje.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ojlchl.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\ojlchl.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rsafk.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\rsafk.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlmkmdw.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winlmkmdw.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrmmvoq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winrmmvoq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xuqklr.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\xuqklr.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winckinek.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winckinek.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windyidq.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\windyidq.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjfpp.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winjfpp.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpboh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winpboh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfhutqh.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\winfhutqh.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\BRANDO\LOCALS~1\Temp\aourih.exe" = C:\DOCUME~1\BRANDO\LOCALS~1\Temp\aourih.exe:*:Enabled:ipsec -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A005B38F-D5AB-4E35-93DD-9886E449FAF1}" = Palm
"{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}" = Rhapsody MP3 Download Manager
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FDF0F423-F81F-4EA7-ABD1-AACBB60F3644}" = G15A922EN
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"Desktop Uninstall" = Desktop Uninstall
"ffdshow_is1" = ffdshow [rev 3142] [2009-12-03]
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1890377505-581007740-1627237116-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2010 10:18:29 PM | Computer Name = D2W77Z71 | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 12.0.0.614, faulting module
realplay.exe, version 12.0.0.614, fault address 0x000c4597.

Error - 3/12/2010 10:27:54 PM | Computer Name = D2W77Z71 | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 12.0.0.614, faulting module
realplay.exe, version 12.0.0.614, fault address 0x000c4597.

Error - 3/12/2010 10:37:59 PM | Computer Name = D2W77Z71 | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 12.0.0.614, faulting module
realplay.exe, version 12.0.0.614, fault address 0x000c4597.

Error - 3/12/2010 10:48:00 PM | Computer Name = D2W77Z71 | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 12.0.0.614, faulting module
realplay.exe, version 12.0.0.614, fault address 0x000c4597.

Error - 3/14/2010 9:23:57 PM | Computer Name = D2W77Z71 | Source = Application Error | ID = 1000
Description = Faulting application agent.exe, version 3.10.100.1155, faulting module
agent.exe, version 3.10.100.1155, fault address 0x0007d553.

Error - 3/14/2010 9:28:53 PM | Computer Name = D2W77Z71 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3588 (0xe04) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume2\DOCUMENTS AND SETTINGS\ALL
USERS\APPLICATION DATA\DELL\TRANSFERAGENT\DSC20UPGRADETA.EXE by **\MCUIMGR.EXE
4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 3/14/2010 9:36:26 PM | Computer Name = D2W77Z71 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 5952 (0x1740) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume2\Program Files\Microsoft
Office\OFFICE11\WINWORD.EXE by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 3/14/2010 9:47:19 PM | Computer Name = D2W77Z71 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4652 (0x122c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume2\Program Files\Microsoft
Office\OFFICE11\WINWORD.EXE by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 3/14/2010 9:47:59 PM | Computer Name = D2W77Z71 | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 12.0.0.614, faulting module
realplay.exe, version 12.0.0.614, fault address 0x000c4597.

Error - 3/14/2010 9:57:39 PM | Computer Name = D2W77Z71 | Source = Application Error | ID = 1000
Description = Faulting application realplay.exe, version 12.0.0.614, faulting module
realplay.exe, version 12.0.0.614, fault address 0x000c4597.

[ System Events ]
Error - 3/14/2010 9:57:56 PM | Computer Name = D2W77Z71 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%2" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 3/14/2010 9:58:10 PM | Computer Name = D2W77Z71 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%2" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 3/14/2010 9:58:21 PM | Computer Name = D2W77Z71 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%2" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 3/14/2010 9:58:49 PM | Computer Name = D2W77Z71 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%2" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 3/14/2010 9:59:03 PM | Computer Name = D2W77Z71 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%2" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 3/14/2010 9:59:13 PM | Computer Name = D2W77Z71 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%2" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 3/14/2010 9:59:24 PM | Computer Name = D2W77Z71 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%2" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 3/14/2010 9:59:34 PM | Computer Name = D2W77Z71 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%2" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 3/14/2010 9:59:44 PM | Computer Name = D2W77Z71 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%2" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding

Error - 3/14/2010 9:59:54 PM | Computer Name = D2W77Z71 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}
as /. The error: "%2" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
-Embedding


< End of report >



#4 ohcrap

ohcrap
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:19 AM

Posted 14 March 2010 - 08:22 PM

windows is trying to do an automatic restart b/c of an automatic update. will i need to rerun the OTL. Also, do i need to "uncheck" anything when scanning with GMER? The instructions before told to "uncheck" several boxes before scanning.

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:19 PM

Posted 15 March 2010 - 10:41 AM

Hi, you can allow the update, no need to repost OTL logs.

Try to run GMER with all boxes checked. If it crashes, uncheck Devices and IAT/EAT

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 ohcrap

ohcrap
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:19 AM

Posted 15 March 2010 - 02:14 PM

gmer.log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-15 15:12:00
Windows 5.1.2600 Service Pack 2
Running: vh3w03ww.exe; Driver: C:\DOCUME~1\BRANDO\LOCALS~1\Temp\uwroapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF38C49AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF38C4A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF38C4958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF38C496C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF38C4A55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF38C4A81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF38C4AEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF38C4AD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF38C49EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF38C4B1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF38C4A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF38C4930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF38C4944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF38C49BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF38C4B57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF38C4AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF38C4AAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF38C4A6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF38C4B43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF38C4B2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF38C4996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF38C4982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF38C4A97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF38C4A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF38C4B05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF38C4A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF38C49D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\ehmpgl.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006E0FEF
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006E006C
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006E0F77
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006E0051
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006E0F94
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006E0FAF
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006E00AB
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006E008E
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006E0F34
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006E00D7
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 006E0F19
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 006E0036
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 006E0000
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 006E007D
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 006E0FCA
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 006E001B
.text C:\WINDOWS\system32\svchost.exe[172] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 006E00BC
.text C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 006D0FA8
.text C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 006D001E
.text C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 006D0FB9
.text C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 006D0FD4
.text C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 006D0F61
.text C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 006D0FE5
.text C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 006D0F7C
.text C:\WINDOWS\system32\svchost.exe[172] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 006D0F97
.text C:\WINDOWS\system32\svchost.exe[172] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006C0049
.text C:\WINDOWS\system32\svchost.exe[172] msvcrt.dll!system 77C293C7 5 Bytes JMP 006C0FC8
.text C:\WINDOWS\system32\svchost.exe[172] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006C002E
.text C:\WINDOWS\system32\svchost.exe[172] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006C0000
.text C:\WINDOWS\system32\svchost.exe[172] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006C0FE3
.text C:\WINDOWS\system32\svchost.exe[172] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006C001D
.text C:\WINDOWS\system32\svchost.exe[172] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006B0000
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0007006E
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070F83
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0007005D
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00070F5E
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0007009A
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070F28
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 000700C1
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 000700DC
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00070FAF
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00070089
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[1028] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00070F43
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00060FD4
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00060F9E
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00060051
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00060FAF
.text C:\WINDOWS\system32\services.exe[1028] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00060036
.text C:\WINDOWS\system32\services.exe[1028] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FA6
.text C:\WINDOWS\system32\services.exe[1028] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050FC1
.text C:\WINDOWS\system32\services.exe[1028] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FE3
.text C:\WINDOWS\system32\services.exe[1028] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[1028] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FD2
.text C:\WINDOWS\system32\services.exe[1028] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050011
.text C:\WINDOWS\system32\services.exe[1028] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E30F5C
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E30F6D
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E30051
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E30F9E
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E30FB9
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E30F26
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E30F37
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E300AB
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E3009A
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E30EED
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E30040
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E3001B
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E30062
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E30FCA
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E30FE5
.text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E30089
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00E2004A
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00E20091
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00E2002F
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00E2000A
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00E20080
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00E20FEF
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00E2006F
.text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00E20FDE
.text C:\WINDOWS\system32\lsass.exe[1040] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E1002C
.text C:\WINDOWS\system32\lsass.exe[1040] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E1001B
.text C:\WINDOWS\system32\lsass.exe[1040] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E10000
.text C:\WINDOWS\system32\lsass.exe[1040] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E10FEF
.text C:\WINDOWS\system32\lsass.exe[1040] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E10FAB
.text C:\WINDOWS\system32\lsass.exe[1040] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E10FD2
.text C:\WINDOWS\system32\lsass.exe[1040] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BA0090
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BA007F
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BA006E
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BA0FA5
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BA003D
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BA00C3
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BA00B2
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BA0100
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BA00EF
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00BA0F4C
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00BA0FB6
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00BA0011
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00BA00A1
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00BA0FC7
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00BA0022
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00BA00DE
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00A6001E
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00A6006C
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00A60FC3
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00A60FD4
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00A60051
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00A60FEF
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00A60040
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00A6002F
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A50042
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A50FB7
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A50FE3
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A50000
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A50FC8
.text C:\WINDOWS\system32\svchost.exe[1204] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A5001D
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A70FE5
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A70F77
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A7006C
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A70F94
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A70051
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A70025
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A70F5C
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A70098
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A700DA
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A700C9
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A70F26
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A70036
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A70FD4
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A70087
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A70FB9
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A70014
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A70F4B
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 008A0FC3
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 008A004A
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 008A0014
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 008A0FDE
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 008A0F8D
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 008A0FEF
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 008A0FA8
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 008A0039
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00890FB9
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!system 77C293C7 5 Bytes JMP 0089003A
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00890029
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00890FEF
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00890FCA
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0089000C
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00880FEF
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02110000
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02110078
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02110F79
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0211005D
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02110F94
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02110FAF
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 021100B0
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02110F5E
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 021100D2
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 021100C1
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 021100E3
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 02110036
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0211001B
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 02110089
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02110FCA
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreateNamedPipeA 7C85FE94 3 Bytes JMP 02110FDB
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!CreateNamedPipeA + 4 7C85FE98 1 Byte [85]
.text C:\WINDOWS\System32\svchost.exe[1444] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 02110F4D
.text C:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 01E4002C
.text C:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 01E40F9E
.text C:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 01E4001B
.text C:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 01E40000
.text C:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 01E40FAF
.text C:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 01E40FE5
.text C:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 01E40FCA
.text C:\WINDOWS\System32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 01E40051
.text C:\WINDOWS\System32\svchost.exe[1444] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01CF003D
.text C:\WINDOWS\System32\svchost.exe[1444] msvcrt.dll!system 77C293C7 5 Bytes JMP 01CF0FBC
.text C:\WINDOWS\System32\svchost.exe[1444] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01CF0022
.text C:\WINDOWS\System32\svchost.exe[1444] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01CF0000
.text C:\WINDOWS\System32\svchost.exe[1444] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01CF0FCD
.text C:\WINDOWS\System32\svchost.exe[1444] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01CF0011
.text C:\WINDOWS\System32\svchost.exe[1444] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01CE0FEF
.text C:\WINDOWS\System32\svchost.exe[1444] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 018A0000
.text C:\WINDOWS\System32\svchost.exe[1444] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 018A0FE5
.text C:\WINDOWS\System32\svchost.exe[1444] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 018A0FD4
.text C:\WINDOWS\System32\svchost.exe[1444] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 018A0FC3
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008B0FE5
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008B0089
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008B0078
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008B005B
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008B004A
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008B0FB9
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008B00CB
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008B0F83
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008B0F4D
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008B00E6
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008B0F3C
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 008B0FA8
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008B0FD4
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 008B00AE
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 008B0025
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 008B0014
.text C:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008B0F68
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 008A0036
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 008A0F97
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 008A0025
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 008A0FEF
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 008A0FA8
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 008A000A
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 008A0FB9
.text C:\WINDOWS\system32\svchost.exe[1820] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 008A0FD4
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00890045
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!system 77C293C7 5 Bytes JMP 00890FB0
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00890016
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00890FEF
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00890FC1
.text C:\WINDOWS\system32\svchost.exe[1820] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00890FDE
.text C:\WINDOWS\system32\svchost.exe[1820] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00880000
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0127000A
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 012700A4
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01270093
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01270078
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01270051
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01270FD4
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 012700DC
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 012700CB
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 012700F7
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01270F5E
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01270F43
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01270FAF
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0127001B
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01270F9E
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01270FE5
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01270036
.text C:\WINDOWS\Explorer.EXE[1916] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01270F79
.text C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 01170040
.text C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 01170F9E
.text C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 01170025
.text C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 01170FEF
.text C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 0117005B
.text C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 0117000A
.text C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 01170FC3
.text C:\WINDOWS\Explorer.EXE[1916] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 01170FD4
.text C:\WINDOWS\Explorer.EXE[1916] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01160FB9
.text C:\WINDOWS\Explorer.EXE[1916] msvcrt.dll!system 77C293C7 5 Bytes JMP 0116003A
.text C:\WINDOWS\Explorer.EXE[1916] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01160FD4
.text C:\WINDOWS\Explorer.EXE[1916] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01160FEF
.text C:\WINDOWS\Explorer.EXE[1916] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01160029
.text C:\WINDOWS\Explorer.EXE[1916] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0116000C
.text C:\WINDOWS\Explorer.EXE[1916] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01140FE5
.text C:\WINDOWS\Explorer.EXE[1916] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01140FD4
.text C:\WINDOWS\Explorer.EXE[1916] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 0114000A
.text C:\WINDOWS\Explorer.EXE[1916] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 01140FB9
.text C:\WINDOWS\Explorer.EXE[1916] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01150FEF
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008E0F8B
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008E0FA6
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008E0080
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008E006F
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008E0039
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008E00AC
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008E0F70
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008E0F38
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008E00D1
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008E00EC
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 008E004A
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008E0FDE
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 008E009B
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 008E0028
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 008E0FCD
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008E0F49
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 008D002C
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 008D0087
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 008D0FE5
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 008D0011
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 008D006C
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 008D0000
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 008D005B
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 008D0FCA
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008C0FAD
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!system 77C293C7 5 Bytes JMP 008C0FC8
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008C0FE3
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008C000C
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008C0042
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008C001D
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0F48
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0047
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0F6F
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0F80
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FB6
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B008E
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0073
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0F21
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B00BA
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001B0F10
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001B0F91
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001B0011
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001B0062
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001B0FC7
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001B0022
.text C:\WINDOWS\system32\wuauclt.exe[2160] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001B009F
.text C:\WINDOWS\system32\wuauclt.exe[2160] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290FC8
.text C:\WINDOWS\system32\wuauclt.exe[2160] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290049
.text C:\WINDOWS\system32\wuauclt.exe[2160] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0029001D
.text C:\WINDOWS\system32\wuauclt.exe[2160] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FE3
.text C:\WINDOWS\system32\wuauclt.exe[2160] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0029002E
.text C:\WINDOWS\system32\wuauclt.exe[2160] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0029000C
.text C:\WINDOWS\system32\wuauclt.exe[2160] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 002A0FE5
.text C:\WINDOWS\system32\wuauclt.exe[2160] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\system32\wuauclt.exe[2160] ADVAPI32.dll!RegOpenKeyExA 77DD7832 1 Byte [E9]
.text C:\WINDOWS\system32\wuauclt.exe[2160] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 002A0036
.text C:\WINDOWS\system32\wuauclt.exe[2160] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 002A0011
.text C:\WINDOWS\system32\wuauclt.exe[2160] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 002A0FCA
.text C:\WINDOWS\system32\wuauclt.exe[2160] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\wuauclt.exe[2160] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 002A0076
.text C:\WINDOWS\system32\wuauclt.exe[2160] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 002A005B
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008B0FEF
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008B008A
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008B0F95
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008B006F
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008B005E
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008B0FC3
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008B00C0
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008B00A5
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008B0F4C
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008B00E5
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008B0100
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 008B0FB2
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008B000A
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 008B0F7A
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 008B002F
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 008B0FD4
.text C:\WINDOWS\system32\svchost.exe[2276] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008B0F5D
.text C:\WINDOWS\system32\svchost.exe[2276] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00650047
.text C:\WINDOWS\system32\svchost.exe[2276] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00650087
.text C:\WINDOWS\system32\svchost.exe[2276] ADVAPI32.dll!RegOpenKeyExA 77DD7832 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2276] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00650036
.text C:\WINDOWS\system32\svchost.exe[2276] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0065001B
.text C:\WINDOWS\system32\svchost.exe[2276] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[2276] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[2276] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00650062
.text C:\WINDOWS\system32\svchost.exe[2276] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00650FDB
.text C:\WINDOWS\system32\svchost.exe[2276] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00640055
.text C:\WINDOWS\system32\svchost.exe[2276] msvcrt.dll!system 77C293C7 5 Bytes JMP 00640FC0
.text C:\WINDOWS\system32\svchost.exe[2276] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00640029
.text C:\WINDOWS\system32\svchost.exe[2276] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[2276] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0064003A
.text C:\WINDOWS\system32\svchost.exe[2276] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[2276] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00620000
.text C:\WINDOWS\system32\svchost.exe[2276] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00620FDB
.text C:\WINDOWS\system32\svchost.exe[2276] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 0062001B
.text C:\WINDOWS\system32\svchost.exe[2276] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 0062002C
.text C:\WINDOWS\system32\svchost.exe[2276] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00630FE5
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2804] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2804] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3108] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3440] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat EFDF3C8A
Device \FileSystem\Fastfat \Fat EFE0338A

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:19 PM

Posted 15 March 2010 - 02:18 PM

Hello ohcrap,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 ohcrap

ohcrap
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:19 AM

Posted 15 March 2010 - 04:08 PM

combofix ??

I am unable to open Mcafee in order to turn off virus scan. I even tried to remove Mcafee from computer and it wouldn't respond. Should i continue with combofix?

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:19 PM

Posted 15 March 2010 - 04:30 PM

If McAfee is not working properly, try running the uninstall tool.

Dowload and save McAfee Removal Tool to your desktop.

Run it to remove McAfee. After this, please restart your computer.

Afterwards run Combofix. In case it still gives a warning, ignore it.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 ohcrap

ohcrap
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:19 AM

Posted 15 March 2010 - 06:59 PM

C:\ComboFix.txt

ComboFix 10-03-15.01 - BRANDO 03/15/2010 17:06:48.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.142 [GMT -5:00]
Running from: c:\documents and settings\BRANDO\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\AcAdProc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
.

2010-03-10 23:49 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 13:37 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-03-10 13:37 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-03-10 13:33 . 2010-03-10 13:33 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-09 18:26 . 2010-03-09 18:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-15 19:30 . 2010-02-15 19:30 -------- d-----w- c:\program files\iPod
2010-02-15 19:29 . 2010-02-15 19:31 -------- d-----w- c:\program files\iTunes
2010-02-15 19:19 . 2010-02-15 19:20 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 18:56 . 2005-08-09 20:43 -------- d-----w- c:\program files\Dl_cats
2010-03-12 14:58 . 2005-07-23 00:07 -------- d-----w- c:\program files\Common Files\Java
2010-03-12 14:57 . 2005-07-23 00:07 -------- d-----w- c:\program files\Java
2010-03-10 13:35 . 2005-07-23 00:22 -------- d-----w- c:\program files\Common Files\Real
2010-03-10 13:34 . 2010-03-10 13:34 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-10 13:34 . 2010-03-10 13:34 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-10 13:34 . 2010-03-10 13:34 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-10 13:34 . 2010-03-10 13:34 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-10 13:34 . 2010-03-10 13:34 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-10 13:34 . 2010-03-10 13:34 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-10 13:34 . 2010-03-10 13:34 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-10 13:34 . 2010-03-10 13:34 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-10 13:33 . 2005-07-23 00:22 -------- d-----w- c:\program files\Real
2010-03-10 13:32 . 2005-07-23 00:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-04 02:31 . 2010-03-04 02:28 20903408 ----a-w- c:\documents and settings\BRANDO\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-04 02:27 . 2010-03-04 02:27 8479040 ----a-w- c:\documents and settings\BRANDO\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-04 02:26 . 2010-03-04 02:26 218632 ----a-w- c:\documents and settings\BRANDO\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-04 02:26 . 2010-03-04 02:26 10383176 ----a-w- c:\documents and settings\BRANDO\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-04 02:24 . 2010-03-04 02:24 352912 ----a-w- c:\documents and settings\BRANDO\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-04 02:24 . 2010-03-04 02:24 255496 ----a-w- c:\documents and settings\BRANDO\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-04 02:24 . 2010-03-04 02:24 149000 ----a-w- c:\documents and settings\BRANDO\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-04 02:24 . 2010-03-04 02:24 64000 ----a-w- c:\documents and settings\BRANDO\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-04 02:24 . 2010-03-04 02:24 52288 ----a-w- c:\documents and settings\BRANDO\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-04 02:24 . 2010-03-04 02:24 50688 ----a-w- c:\documents and settings\BRANDO\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-04 02:24 . 2010-03-04 02:24 49152 ----a-w- c:\documents and settings\BRANDO\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-04 02:24 . 2010-03-04 02:24 118784 ----a-w- c:\documents and settings\BRANDO\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-03 15:51 . 2010-03-03 15:51 513544 ----a-w- c:\documents and settings\BRANDO\Application Data\Real\Update\setup3.10\setup.exe
2010-02-15 19:30 . 2009-01-08 23:21 -------- d-----w- c:\program files\Common Files\Apple
2010-02-15 19:13 . 2010-02-15 19:13 150312 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-10 18:40 . 2008-02-05 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-02-10 18:39 . 2008-02-05 00:18 -------- d-----w- c:\program files\Kodak
2010-02-10 16:40 . 2010-02-10 16:40 -------- d-----w- c:\documents and settings\BRANDO\Application Data\Malwarebytes
2010-02-10 16:40 . 2010-02-10 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-05 10:00 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:14 . 2005-07-22 23:44 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 12:58 . 2004-08-10 18:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2007-04-01 01:02 . 2005-10-30 23:19 56 --sh--r- c:\windows\system32\BC77B6034D.sys
2007-04-01 01:02 . 2005-09-04 03:28 2776 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 542704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 229376]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 466944]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 421888]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 364544]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 688128]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 131072]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 294912]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 155648]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-11 364544]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-10 69632]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 491520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 211240]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-10 202256]

c:\documents and settings\BRANDO\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-11-29 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-22 24576]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 548864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\windows\warnhp.html
FriendlyName= Desktop Uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=
"c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ZcfgSvc.exe"=
"c:\\Program Files\\Apoint\\Apoint.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"=
"c:\\DOCUME~1\\BRANDO\\LOCALS~1\\Temp\\tiwo.exe"=
"c:\\DOCUME~1\\BRANDO\\LOCALS~1\\Temp\\tuckk.exe"=


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder

2010-03-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-03-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1890377505-581007740-1627237116-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-03-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1890377505-581007740-1627237116-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\BRANDO\Application Data\Mozilla\Firefox\Profiles\kj9gs1nw.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\BRANDO\Application Data\Mozilla\Firefox\Profiles\kj9gs1nw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 17:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3012)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Apoint\Apntex.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
c:\docume~1\BRANDO\LOCALS~1\Temp\tiwo.exe
c:\docume~1\BRANDO\LOCALS~1\Temp\tuckk.exe
.
**************************************************************************
.
Completion time: 2010-03-15 17:29:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-15 22:29

Pre-Run: 40,630,738,944 bytes free
Post-Run: 40,863,866,880 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 14AE2978F9D393A8AC5F6CE87D9B9AAE


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:19 PM

Posted 16 March 2010 - 04:54 AM

Unfortunately it looks like your system is infected by a file infector called Sality. to confirm this and to see how wide-spread this infection is, please do the following.

DR. WEB CUREIT
----------------------
Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in Safe Mode.

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 ohcrap

ohcrap
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:19 AM

Posted 16 March 2010 - 09:47 AM

DrWebb Problem!

I'll be the first to tell you that I don't know anything about this stuff, so I could very well be doing something wrong. Im having trouble DL the DrWEbb Cureit. Maybe the DrWebb website is down???

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:19 PM

Posted 16 March 2010 - 02:58 PM

It works fine for me.

After clicking the link, scroll down and click the "free download" button.

In the next page, scroll down, check "accept" and click "continue"

In the next screen the download should start, if not, there is a manual link where you can click.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 ohcrap

ohcrap
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:19 AM

Posted 16 March 2010 - 03:12 PM

I just get a blank screen and the information bar at the bottom says "waiting for www.av-desk.com....". I get pretty much the same thing through the majorgeeks website too.

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:19 PM

Posted 16 March 2010 - 03:28 PM

Lets try this a bit different...

UPLOAD A FILE
--------------------
We need to check a file. Please click this link VirusTotal

When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.

c:\qoobox\quarantine\c:\windows\AppPatch\AcAdProc.dll.vir

If you get the message that the file has already been scanned before, please click Reanalyse file now.
Please post back the results of the scan in your next post.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users