svchost.exe, .TMP folders in windows temp file, rootkit ??

  • This topic is locked
24 replies to this topic

#1 scorpioLP

  • Members
  • 13 posts

Posted 21 April 2010 - 09:36 AM

I thought I had gotten rid of whatever malware I had, but apparently not. It started out as a search redirecting problem. After using SuperAntispyware, I thought that had gotten rid of it. But it didn't. MalwareBytes AntiMalware, SuperAntispyware, and Hitman Pro scans come up clean. But whatever it is, is pounding an svchost.exe process and creating a lot of empty .TMP folders in my windows\temp folder. I followed the prep guide, but I can't get the GMER scan to finish... I've tried 3 times. My PC freezes up. The last time I tried, I left it scanning all night and when I checked this morning, it was done. I go to save the log, give it a name and when I click on 'save' it froze. So there is not a GMER log. I hope there's enough information here to work with. I appreciate all the help I can get.

DDS (Ver_10-03-17.01) - NTFSx86
Run by lee at 12:00:34.38 on Tue 04/20/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.1756 [GMT -4:00]

AV: Total Protection for Small Business *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\CA\Alert\ALERT.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\CA\BrightStor\CADS\casdscsvc.exe
C:\Program Files\CA\BrightStor ARCserve Backup\msgeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\Catirpc.exe
C:\Program Files\CA\BrightStor ARCserve Backup\casmrtbk.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
C:\WINDOWS\system32\TSSchBkpService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\CA\BrightStor ARCserve Backup\asalert.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\lee\My Documents\TCPView\Tcpview.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINERS\ERSRTDAM.exe
C:\WINERS\LCWIN32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\lee\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe
mRun: [nwiz] nwiz.exe /install
mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office 11\programs\QFSCHD110.EXE"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\g001-1.0.25.0\gnotify.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [DLPSP] "c:\program files\dell printers\additional color laser software\status monitor\DLPSP.EXE"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [MaxBlastMonitor.exe] c:\program files\maxtor\maxblast\MaxBlastMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\maxtor\maxblast\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe"
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ersala~1.lnk - c:\winers\Rtcom.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ersweb~1.lnk - c:\winers\ERSRTDAM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ersweb~2.lnk - c:\winers\LCWIN32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~2.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\sandisk\sandisk transfermate\SD Monitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Save Web Page to askSam... - c:\program files\asksam\asksam6\ASAdd.htm
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\\DownloadPDF.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: ameritrade.com
Trusted Zone: tdameritrade.com
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&6&04.00.07.02&unknown&unknown&http://aolexpressions.aol.com/testdrive.adp?clientId=2&expTypeId=1&catId=61&langCode=&subcatId=876&tm=16&expId=6384
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - hxxp://www.pestscan.com/scanner/axscanner.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} - hxxp://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://aucam.dyndns.biz/activex/AxisCamControl.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
TCP: {AAA3AF4A-22F2-4F50-A1FC-D957E3E1A356} = 192.168.1.200
Handler: asksam6 - {72A9B8AD-6895-422C-A3F7-F2A7A88B88DA} - c:\program files\asksam\asksam6\AS6_AIPP.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks basic\HelpAsyncPluggableProtocol.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt5.0.0.705.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-10 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 Alert Notification Server;Alert Notification Server;c:\program files\common files\ca\alert\alert.exe [2005-3-7 192588]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2003-2-10 114688]
R2 AsfAlrt;AsfAlrt;c:\windows\system32\drivers\Asfalrt.sys [2002-12-18 36064]
R2 CASDiscoverySvc;BrightStor Discovery Service;c:\program files\common files\ca\brightstor\cads\casdscsvc.exe [2002-10-1 135168]
R2 CASMsgEngine;BrightStor AB Message Engine;c:\program files\ca\brightstor arcserve backup\msgeng.exe [2002-10-9 62976]
R2 CATIRPC;CA Remote Procedure Call Server;c:\program files\ca\brightstor arcserve backup\Catirpc.exe [2002-10-1 24576]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2007-4-20 140184]
R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2009-11-10 14144]
R2 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2009-11-10 144704]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2008-5-27 282824]
R2 SWAGENT;SonicWALL Agent Service;c:\program files\mcafee\managed virusscan\agent\swAgent.exe [2009-11-10 202048]
R2 TSScheduleBackup;TimeslipsBackup;c:\windows\system32\TSSchBkpService.exe [2007-11-26 705024]
R3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2009-11-10 79816]
R3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2009-11-10 35272]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
R3 SmartSource;SmartSource;c:\windows\system32\drivers\SmartSource.sys [2008-11-25 192640]
R3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\drivers\TSUSB2.sys [2007-11-2 54016]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [2008-7-12 39048]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\41.tmp --> c:\windows\system32\41.tmp [?]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2009-11-10 34248]

=============== Created Last 30 ================

2010-04-20 15:57:10 0 ----a-w- c:\documents and settings\lee\defogger_reenable
2010-04-20 15:22:44 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-20 15:22:02 0 d-----w- c:\program files\Hitman Pro 3.5
2010-04-20 15:22:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-04-13 18:30:35 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-13 18:30:13 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-13 18:30:12 0 d-----w- c:\docume~1\lee\applic~1\SUPERAntiSpyware.com
2010-04-13 16:58:00 0 d-----w- c:\program files\CCleaner
2010-04-07 20:30:09 0 d-----w- c:\program files\ESET
2010-04-07 19:28:59 0 d-sha-r- C:\cmdcons
2010-04-07 19:26:17 98816 ----a-w- c:\windows\sed.exe
2010-04-07 19:26:17 77312 ----a-w- c:\windows\MBR.exe
2010-04-07 19:26:17 261632 ----a-w- c:\windows\PEV.exe
2010-04-07 19:26:17 161792 ----a-w- c:\windows\SWREG.exe
2010-04-07 16:05:43 0 ----a-w- c:\windows\system32\RENB6.tmp
2010-04-07 16:05:43 0 ----a-w- c:\windows\system32\RENB5.tmp
2010-04-06 15:18:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 15:18:12 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 15:18:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 13:49:22 0 d-----w- c:\windows\ERUNT
2010-04-06 13:44:36 0 d-----w- C:\SDFix
2010-04-02 20:58:23 0 d-----w- c:\program files\Sophos
2010-04-02 19:08:18 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-25 06:18:25 0 d-----w- c:\docume~1\lee\applic~1\McAfee

==================== Find3M ====================

2010-04-05 22:07:06 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-11 12:38:54 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-26 16:53:55 124876 ---ha-w- c:\windows\system32\mlfcache.dat

============= FINISH: 12:02:37.69 ===============


#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,766 posts

Posted 27 April 2010 - 08:34 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#3 scorpioLP

  • Topic Starter
  • Members
  • 13 posts

Posted 27 April 2010 - 10:02 AM

myrti,

Thanks for tackling this issue. Since my original post, I have not done anything to attempt to fix the problem aside from running a few more scans. I am still having the same issue where .TMP folders are being created in my windows\temp file, approximately every 5 minutes. I have an svchost.exe process that is chewing up memory and then eating up my processor. I have the occasional crash, but the anti-malware scans (hitman, super antispyware, malwarebytes) don't come up with anything.

I have pasted the reports below.

(There must be a character limit... I couldn't put it all in one post)

OTL.txt
OTL logfile created on: 4/27/2010 9:57:10 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\lee\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 2444 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.51 Gb Total Space | 176.94 Gb Free Space | 38.01% Space Free | Partition Type: NTFS
Drive D: | 74.46 Gb Total Space | 8.24 Gb Free Space | 11.06% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 136.69 Gb Total Space | 21.96 Gb Free Space | 16.07% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive U: | 136.69 Gb Total Space | 21.96 Gb Free Space | 16.07% Space Free | Partition Type: NTFS
Drive W: | 136.69 Gb Total Space | 21.96 Gb Free Space | 16.07% Space Free | Partition Type: NTFS

Computer Name: ZEUS
Current User Name: lee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/27 09:56:02 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lee\Desktop\OTL.exe
PRC - [2010/04/02 09:00:12 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
PRC - [2010/04/02 05:24:02 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2010/04/01 12:28:36 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/01/25 17:27:34 | 000,202,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
PRC - [2010/01/25 17:25:40 | 000,472,384 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2010/01/25 17:23:24 | 000,282,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2009/12/15 14:22:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
PRC - [2009/12/15 14:21:04 | 000,014,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2009/09/16 20:33:46 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/16 19:22:08 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009/06/03 07:48:36 | 001,406,224 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2009/03/02 16:50:16 | 000,376,832 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2008/06/20 21:01:56 | 001,512,720 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
PRC - [2007/10/23 12:09:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/06/19 23:00:22 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/20 08:09:58 | 001,945,712 | ---- | M] (Acronis) -- C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
PRC - [2007/04/20 08:03:08 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
PRC - [2007/04/20 08:03:02 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
PRC - [2007/04/20 07:59:30 | 001,169,720 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
PRC - [2007/02/05 15:40:46 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2006/12/07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2006/12/07 16:52:10 | 000,095,128 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2006/12/07 16:52:08 | 000,340,888 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
PRC - [2006/11/21 18:08:58 | 000,813,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2006/06/15 19:17:00 | 000,705,024 | ---- | M] () -- C:\WINDOWS\SYSTEM32\TSSchBkpService.exe
PRC - [2005/07/15 14:48:34 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
PRC - [2005/06/13 11:40:18 | 000,110,592 | ---- | M] (SanDisk) -- C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
PRC - [2005/02/17 15:29:14 | 000,458,752 | ---- | M] (Promatek) -- C:\WINERS\LCWIN32.exe
PRC - [2004/09/20 10:03:26 | 000,233,472 | ---- | M] (Promatek) -- C:\WINERS\ERSRTDAM.exe
PRC - [2004/06/04 16:50:09 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2004/06/01 16:15:41 | 000,062,976 | ---- | M] (Computer Associates) -- C:\Program Files\CA\BrightStor ARCserve Backup\msgeng.exe
PRC - [2003/11/04 10:34:38 | 000,192,588 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\Common Files\CA\Alert\alert.exe
PRC - [2003/09/15 16:53:06 | 000,503,869 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2003/04/22 18:41:48 | 000,126,976 | ---- | M] (Computer Associates) -- C:\Program Files\CA\BrightStor ARCserve Backup\CASMRTBK.EXE
PRC - [2003/04/22 18:41:29 | 000,049,152 | ---- | M] () -- C:\Program Files\CA\BrightStor ARCserve Backup\ASAlert.exe
PRC - [2003/04/22 18:39:39 | 000,135,168 | ---- | M] (Computer Associates) -- C:\Program Files\Common Files\CA\BrightStor\CADS\casdscsvc.exe
PRC - [2003/04/21 21:14:36 | 000,024,576 | ---- | M] (Computer Associates) -- C:\Program Files\CA\BrightStor ARCserve Backup\Catirpc.exe
PRC - [2003/02/10 06:52:30 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2002/09/12 11:28:14 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/04/04 14:56:10 | 000,163,840 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe


========== Modules (SafeList) ==========

MOD - [2010/04/27 09:56:02 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lee\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2003/10/06 15:16:00 | 001,126,400 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nview.dll
MOD - [2003/10/06 15:16:00 | 000,552,960 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nviewimg.dll
MOD - [2003/10/06 15:16:00 | 000,035,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvwddi.dll
MOD - [2003/07/16 12:42:41 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\umdmxfrm.dll
MOD - [2003/07/16 12:38:16 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\serwvdrv.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/25 17:27:34 | 000,202,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe -- (SWAGENT)
SRV - [2010/01/25 17:23:24 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2009/12/15 14:22:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2009/12/15 14:21:04 | 000,014,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2009/09/16 19:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/10/25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/23 12:09:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/04/20 08:03:02 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/12/07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2006/12/07 16:52:10 | 000,095,128 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2006/06/15 19:17:00 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\TSSchBkpService.exe -- (TSScheduleBackup)
SRV - [2004/06/01 16:15:41 | 000,062,976 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\BrightStor ARCserve Backup\msgeng.exe -- (CASMsgEngine)
SRV - [2003/11/04 10:34:38 | 000,192,588 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\Common Files\CA\Alert\ALERT.EXE -- (Alert Notification Server)
SRV - [2003/04/22 18:39:39 | 000,135,168 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\Common Files\CA\BrightStor\CADS\casdscsvc.exe -- (CASDiscoverySvc)
SRV - [2003/04/21 21:14:36 | 000,024,576 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\BrightStor ARCserve Backup\Catirpc.exe -- (CATIRPC)
SRV - [2003/04/01 22:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\IcdSptSv.exe -- (ICDSPTSV)
SRV - [2003/03/03 15:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/02/10 06:52:30 | 000,114,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2002/04/04 14:56:10 | 000,163,840 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)


========== Driver Services (SafeList) ==========

DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/15 14:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys -- (mfetdik)
DRV - [2009/12/15 14:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (MfeRKDK)
DRV - [2009/12/15 14:29:34 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/12/15 14:29:30 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (MfeBOPK)
DRV - [2009/12/15 14:29:26 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (MfeAVFK)
DRV - [2008/10/06 18:25:10 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/10/06 18:25:10 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2008/10/06 18:24:56 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/05/13 10:12:48 | 000,192,640 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SmartSource.sys -- (SmartSource)
DRV - [2007/02/02 05:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 05:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/01/19 15:14:20 | 000,054,016 | ---- | M] (HTL) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\TSUSB2.sys -- (TSUSB2)
DRV - [2007/01/15 17:18:30 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys -- (NuidFltr)
DRV - [2005/10/20 16:25:18 | 000,191,400 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\windrvr6.sys -- (WinDriver6)
DRV - [2005/04/25 14:50:18 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys -- (PalmUSBD)
DRV - [2004/08/04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 23:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 23:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 23:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 23:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 23:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 23:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 23:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 23:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 23:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/06/04 16:50:11 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/06/04 16:50:11 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2004/06/04 16:50:11 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k)
DRV - [2004/06/04 16:50:11 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2004/06/04 16:50:10 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/10/06 15:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2003/09/15 16:27:04 | 000,022,183 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btserial.sys -- (BTSERIAL)
DRV - [2003/09/15 16:26:40 | 000,222,876 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btslbcsp.sys -- (BTSLBCSP)
DRV - [2003/09/15 16:23:40 | 001,257,418 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2003/09/15 16:22:06 | 000,146,812 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - [2003/09/15 16:17:02 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btport.sys -- (BTDriver)
DRV - [2003/09/15 16:15:28 | 000,021,861 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btaudio.sys -- (BtAudio)
DRV - [2003/09/15 16:14:36 | 000,051,848 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwusb.sys -- (BTWUSB)
DRV - [2003/07/16 12:42:39 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2003/07/16 12:41:17 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2003/07/16 12:41:16 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2003/07/16 12:41:16 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2003/07/16 12:41:16 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2003/07/16 12:40:06 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2003/07/16 12:36:08 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2003/07/16 12:36:07 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2003/07/16 12:36:06 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2003/07/16 12:29:06 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2003/07/16 12:20:43 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2003/07/16 12:19:41 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2003/07/16 12:18:27 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2003/07/16 12:18:27 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2003/07/16 12:18:13 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2002/12/18 06:31:06 | 000,036,064 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Asfalrt.sys -- (AsfAlrt)
DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ICDUSB2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk
IE - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local



O1 HOSTS File: ([2010/04/06 10:09:09 | 000,000,686 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DLPSP] c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe (Maxtor)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE (Novell, Inc., c/o Corel Corporation Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-18..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\SYSTEM32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\SYSTEM32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ERS Alarm (2).lnk = C:\WINERS\Rtcom.exe (Promatek Industries Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ERS Web Services with Web-Edit II [ERSRTDAM].lnk = C:\WINERS\ERSRTDAM.exe (Promatek)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ERS Web Services with Web-Edit II [LCWIN32].lnk = C:\WINERS\LCWIN32.exe (Promatek)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe (SanDisk)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save Web Page to askSam... - C:\Program Files\askSam\askSam6\ASAdd.htm ()
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2118638900-2601185567-3914515843-1161\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MTSInstall...&expId=6384 (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://www.pestscan.com/scanner/axscanner.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h20278.www2.hp.com/HPISWeb/Customer...SWebManager.CAB (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://aucam.dyndns.biz/activex/AxisCamControl.cab (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O16 - DPF: ppctlcab http://www.pestscan.com/scanner/ppctlcab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KSFLAW.local
O18 - Protocol\Handler\asksam6 {72A9B8AD-6895-422C-A3F7-F2A7A88B88DA} - C:\Program Files\askSam\askSam6\AS6_AIPP.dll (askSam Systems)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Basic\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.705.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Lee\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lee\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 15:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/09/03 15:36:02 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: pip - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.0.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.0.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3CD3083B-4B65-0FFE-CAFB-E34D0CD28E4D} - Macromedia Shockwave Director 10.0.1
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\L3CODECX.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2007/01/16 07:39:49 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/27 09:55:50 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lee\Desktop\OTL.exe
[2010/04/27 03:20:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/20 11:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/20 11:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/20 11:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lee\My Documents\TCPView
[2010/04/20 10:56:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lee\Recent
[2010/04/20 10:40:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/13 14:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/13 14:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/13 14:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lee\Application Data\SUPERAntiSpyware.com
[2010/04/13 12:58:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/13 12:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/07 16:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/07 15:28:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/07 15:26:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/07 15:26:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/07 15:26:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/07 15:26:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/07 15:26:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/07 15:24:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/06 11:18:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/06 11:18:12 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/06 11:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/06 09:49:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/04/06 09:44:36 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/04/02 16:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/04/02 14:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/02 14:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/02 11:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/02 11:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2007/04/10 11:04:37 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/27 09:56:02 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lee\Desktop\OTL.exe
[2010/04/27 09:43:40 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/04/27 09:42:42 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/04/27 09:42:39 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job
[2010/04/27 03:17:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 03:17:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/27 03:15:31 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/04/27 03:15:27 | 019,439,616 | ---- | M] () -- C:\Documents and Settings\lee\ntuser.dat
[2010/04/27 03:15:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\lee\NTUSER.INI
[2010/04/26 13:46:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/26 10:30:11 | 000,000,419 | ---- | M] () -- C:\WINDOWS\TIMESLIP.INI
[2010/04/26 10:15:18 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/26 10:03:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/23 16:28:31 | 000,056,808 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20090209 - 2008 Operating Expense Figures.pdf
[2010/04/23 16:19:17 | 000,043,603 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100422 - Flawed 2008 calculation.pdf
[2010/04/22 11:39:44 | 000,010,063 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100422 - SossonJ Bill.pdf
[2010/04/21 18:43:27 | 000,010,476 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/21 16:09:01 | 000,123,604 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100421 - Lease re late payment.pdf
[2010/04/21 15:56:15 | 000,547,991 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100501 - Rent Statement.pdf
[2010/04/21 11:51:53 | 000,017,028 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20091124 - SurianoR Bill.pdf
[2010/04/21 10:20:48 | 000,320,215 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\WindowsTemp.jpg
[2010/04/20 18:58:00 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/20 12:04:08 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\gmer.zip
[2010/04/20 12:00:26 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\dds.scr
[2010/04/20 11:57:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\lee\defogger_reenable
[2010/04/20 11:56:54 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\Defogger.exe
[2010/04/20 11:28:27 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\TCPView.lnk
[2010/04/20 11:22:02 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/20 10:57:46 | 000,011,292 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\cc_20100420_105740.reg
[2010/04/19 10:36:59 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\lee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 10:25:15 | 000,001,596 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/04/16 10:48:14 | 000,013,082 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20000822 - BabendreirG Bill.pdf
[2010/04/15 17:57:46 | 003,712,018 | -H-- | M] () -- C:\Documents and Settings\lee\Local Settings\Application Data\IconCache.db
[2010/04/15 12:38:06 | 000,026,322 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100415 - Wire Transfer to Fairbridges.pdf
[2010/04/15 11:43:12 | 000,014,600 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100415 - LynchL Bill.pdf
[2010/04/15 11:25:21 | 000,006,532 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100415 - CulverA 2009 Retainers.pdf
[2010/04/14 16:54:30 | 000,011,149 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\2010414 - IzurietaH Memo Bill.pdf
[2010/04/14 16:43:57 | 000,014,316 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100414 - LynchL Bill.pdf
[2010/04/13 16:39:47 | 000,010,408 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100413 - MangheeS Bill.pdf
[2010/04/13 14:30:19 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/13 13:07:18 | 000,311,404 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\cc_20100413_130712.reg
[2010/04/13 12:58:03 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\CCleaner.lnk
[2010/04/12 16:20:08 | 000,010,716 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\DC Metro Protocol Committee Cover Letter (April 2010).docx
[2010/04/12 16:02:41 | 000,010,763 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\DC Metro Protocol Committee Cover Letter (April 2010)
[2010/04/12 10:51:40 | 000,027,309 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100412 - VML SmarTrip.pdf
[2010/04/09 14:13:16 | 000,026,639 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100409 - Wire Transfer to Fairbridges.pdf
[2010/04/09 13:33:48 | 000,468,701 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\FIND_post card_A.jpg
[2010/04/09 11:30:36 | 000,001,696 | -H-- | M] () -- C:\Documents and Settings\lee\My Documents\Default.rdp
[2010/04/08 12:27:47 | 000,010,725 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100408 - LewisT Bill.pdf
[2010/04/08 11:18:17 | 000,019,324 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100408 - CorriganM Bills.pdf
[2010/04/08 09:57:18 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/07 15:29:06 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/06 15:48:27 | 000,023,427 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\Inventory of the House as of 031810.docx
[2010/04/06 14:09:50 | 001,181,184 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\flyer.jpg
[2010/04/06 12:08:58 | 000,001,156 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/06 11:18:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/06 11:07:55 | 000,059,664 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\mbam-clean.exe
[2010/04/06 10:09:09 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/04/06 09:29:02 | 001,529,241 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\SDFix.exe
[2010/04/05 18:07:06 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010/04/05 16:43:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\dns5xbp4.exe
[2010/04/02 16:45:06 | 001,339,288 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\sar_15_sfx.exe
[2010/04/02 14:40:27 | 000,008,698 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3330083627
[2010/04/02 14:39:12 | 000,008,706 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1526028726
[2010/04/02 14:35:17 | 000,008,670 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\LK2mfPE2j
[2010/04/02 08:24:27 | 000,008,608 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\mail_ksflaw_com.zip
[2010/04/01 16:31:18 | 000,006,666 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100401 - DFC March Retainers.pdf
[2010/04/01 11:49:12 | 000,012,492 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100324 - FitzgeraldD Bill.pdf
[2010/04/01 11:30:53 | 000,003,010 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\04-01-10 Klusaritz let.tmm.wpd
[2010/03/30 12:46:28 | 000,006,736 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100330 - Takyi 02 Invoice Listing.pdf
[2010/03/30 11:56:25 | 000,033,313 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\PrenuptialInfo-txt.docx
[2010/03/30 11:37:45 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\PrenuptialInfo.docx
[2010/03/30 11:37:45 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\Copy (1)PrenuptialInfo.docx
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 08:40:56 | 000,811,569 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100329 - Takyi 02 Summary Bill.PDF
[2010/03/29 08:34:22 | 000,024,876 | ---- | M] () -- C:\Documents and Settings\lee\My Documents\20100329 - Takyi 02 Bills.pdf
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 10:03:29 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/23 16:28:31 | 000,056,808 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20090209 - 2008 Operating Expense Figures.pdf
[2010/04/23 16:19:17 | 000,043,603 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100422 - Flawed 2008 calculation.pdf
[2010/04/22 11:39:44 | 000,010,063 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100422 - SossonJ Bill.pdf
[2010/04/21 16:09:01 | 000,123,604 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100421 - Lease re late payment.pdf
[2010/04/21 15:56:15 | 000,547,991 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100501 - Rent Statement.pdf
[2010/04/21 11:51:53 | 000,017,028 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20091124 - SurianoR Bill.pdf
[2010/04/21 10:20:48 | 000,320,215 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\WindowsTemp.jpg
[2010/04/20 12:04:06 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\gmer.zip
[2010/04/20 11:58:11 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\dds.scr
[2010/04/20 11:57:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lee\defogger_reenable
[2010/04/20 11:56:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\Defogger.exe
[2010/04/20 11:28:27 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\TCPView.lnk
[2010/04/20 11:22:44 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/20 11:22:02 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/20 10:57:43 | 000,011,292 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\cc_20100420_105740.reg
[2010/04/16 10:48:14 | 000,013,082 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20000822 - BabendreirG Bill.pdf
[2010/04/15 12:35:28 | 000,026,322 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100415 - Wire Transfer to Fairbridges.pdf
[2010/04/15 11:43:12 | 000,014,600 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100415 - LynchL Bill.pdf
[2010/04/15 11:25:21 | 000,006,532 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100415 - CulverA 2009 Retainers.pdf
[2010/04/14 16:54:30 | 000,011,149 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\2010414 - IzurietaH Memo Bill.pdf
[2010/04/14 16:43:57 | 000,014,316 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100414 - LynchL Bill.pdf
[2010/04/13 16:39:47 | 000,010,408 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100413 - MangheeS Bill.pdf
[2010/04/13 14:30:19 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/13 13:07:15 | 000,311,404 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\cc_20100413_130712.reg
[2010/04/13 12:58:03 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\CCleaner.lnk
[2010/04/12 16:20:07 | 000,010,716 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\DC Metro Protocol Committee Cover Letter (April 2010).docx
[2010/04/12 16:01:54 | 000,010,763 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\DC Metro Protocol Committee Cover Letter (April 2010)
[2010/04/12 10:51:40 | 000,027,309 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100412 - VML SmarTrip.pdf
[2010/04/09 14:09:24 | 000,026,639 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100409 - Wire Transfer to Fairbridges.pdf
[2010/04/09 13:33:48 | 000,468,701 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\FIND_post card_A.jpg
[2010/04/08 12:27:47 | 000,010,725 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100408 - LewisT Bill.pdf
[2010/04/08 11:18:17 | 000,019,324 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100408 - CorriganM Bills.pdf
[2010/04/07 15:29:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/07 15:29:01 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/07 15:26:17 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/07 15:26:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/07 15:26:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/07 15:26:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/07 15:26:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/06 15:38:25 | 000,023,427 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\Inventory of the House as of 031810.docx
[2010/04/06 14:09:49 | 001,181,184 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\flyer.jpg
[2010/04/06 12:08:58 | 000,001,156 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/06 11:18:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/06 11:07:49 | 000,059,664 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\mbam-clean.exe
[2010/04/06 09:44:25 | 001,529,241 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\SDFix.exe
[2010/04/05 16:43:32 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\dns5xbp4.exe
[2010/04/02 16:58:11 | 001,339,288 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\sar_15_sfx.exe
[2010/04/02 14:39:10 | 000,008,698 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3330083627
[2010/04/02 14:39:01 | 000,008,706 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1526028726
[2010/04/02 14:33:04 | 000,008,670 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\LK2mfPE2j
[2010/04/02 08:24:26 | 000,008,608 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\mail_ksflaw_com.zip
[2010/04/01 16:31:18 | 000,006,666 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100401 - DFC March Retainers.pdf
[2010/04/01 12:05:18 | 000,003,010 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\04-01-10 Klusaritz let.tmm.wpd
[2010/04/01 11:49:12 | 000,012,492 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100324 - FitzgeraldD Bill.pdf
[2010/03/30 19:07:24 | 019,439,616 | ---- | C] () -- C:\Documents and Settings\Lee\ntuser.dat
[2010/03/30 12:46:28 | 000,006,736 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100330 - Takyi 02 Invoice Listing.pdf
[2010/03/30 11:56:24 | 000,033,313 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\PrenuptialInfo-txt.docx
[2010/03/30 11:53:24 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\Copy (1)PrenuptialInfo.docx
[2010/03/29 21:33:51 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\PrenuptialInfo.docx
[2010/03/29 08:40:40 | 000,811,569 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100329 - Takyi 02 Summary Bill.PDF
[2010/03/29 08:34:22 | 000,024,876 | ---- | C] () -- C:\Documents and Settings\lee\My Documents\20100329 - Takyi 02 Bills.pdf
[2008/09/04 15:35:13 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\SmartSource.dll
[2008/09/04 15:31:24 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\LM_A6D.dll
[2008/07/12 15:58:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2008/07/12 14:54:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2008/07/12 14:54:45 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
[2008/07/12 14:54:45 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2007/11/26 16:24:42 | 000,000,419 | ---- | C] () -- C:\WINDOWS\TIMESLIP.INI
[2007/10/23 15:44:08 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\rjhExt.dll
[2007/10/15 15:33:25 | 000,000,422 | ---- | C] () -- C:\WINDOWS\System32\MSST42.DLL
[2007/04/10 11:04:34 | 000,000,507 | ---- | C] () -- C:\WINDOWS\DKAAY2DD.ini
[2007/01/03 18:08:53 | 000,000,400 | ---- | C] () -- C:\WINDOWS\DESI.INI
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/28 10:13:46 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/14 12:52:16 | 000,000,011 | ---- | C] () -- C:\WINDOWS\TSREMOTE.INI
[2006/11/27 14:07:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PPViewer.INI
[2006/10/02 14:24:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/06/06 13:10:31 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\custmon2k.dll
[2006/02/24 15:32:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/02/06 12:54:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/26 16:05:09 | 000,000,011 | ---- | C] () -- C:\WINDOWS\nextsteps.ini
[2005/09/22 17:32:01 | 000,000,123 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/09/22 17:32:00 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2005/09/22 17:29:24 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2005/09/22 17:27:41 | 000,007,427 | ---- | C] () -- C:\WINDOWS\hplj42504350.ini
[2005/09/22 17:27:32 | 000,001,415 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2005/05/27 12:49:49 | 000,000,653 | ---- | C] () -- C:\WINDOWS\WINERS.INI
[2005/05/27 11:30:58 | 000,003,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\LCARDIOI.SYS
[2005/05/27 11:30:58 | 000,003,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\LCARDIOP.SYS
[2005/05/27 11:30:58 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\drivers\LCARDIO.INI
[2005/05/27 11:30:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\LCWIN_IF.dll
[2005/05/27 11:30:57 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\FAXCOST.DLL
[2005/05/27 11:30:57 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\XDCComLib.dll
[2005/05/27 11:30:57 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\GENVAL.DLL
[2005/05/27 11:30:57 | 000,004,634 | ---- | C] () -- C:\WINDOWS\WINRPT.INI
[2005/05/27 11:30:56 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\ERSIAP32.dll
[2005/05/27 11:30:56 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ERSRT.DLL
[2005/05/27 11:29:32 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\Vbext32.dll
[2005/05/27 11:29:32 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\DTCTRACE.DLL
[2005/05/19 12:04:09 | 001,298,432 | ---- | C] () -- C:\WINDOWS\System32\dten53u.dll
[2005/04/25 16:44:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/04/25 16:43:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2005/04/01 20:46:00 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2005/04/01 20:46:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2005/03/10 14:06:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2004/12/08 14:26:48 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2004/08/16 12:10:20 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2004/08/16 12:10:20 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/06/02 10:41:21 | 000,000,074 | ---- | C] () -- C:\WINDOWS\eFaxView.ini
[2004/05/18 10:34:12 | 000,000,091 | ---- | C] () -- C:\WINDOWS\tb96.ini
[2004/05/18 09:56:39 | 000,000,189 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/05/18 09:56:39 | 000,000,095 | ---- | C] () -- C:\WINDOWS\Tb98.ini
[2004/05/18 09:56:29 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL
[2004/05/18 09:56:29 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL
[2004/05/18 09:56:29 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL
[2004/05/18 09:56:29 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2004/04/12 12:54:58 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/13 17:54:54 | 000,000,265 | ---- | C] () -- C:\WINDOWS\efinl.ini
[2004/01/13 13:45:20 | 000,244,984 | ---- | C] () -- C:\WINDOWS\System32\tutil32.dll
[2003/12/08 20:22:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/08 20:18:14 | 000,000,784 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2003/12/08 20:16:59 | 000,000,642 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/12/08 20:11:46 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/12/08 19:56:53 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/08 19:56:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/12/08 19:28:04 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/09/15 16:41:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2003/09/15 16:41:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2003/09/15 16:36:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/09/15 16:27:04 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys
[2003/02/25 14:19:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/12/18 06:31:54 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\aolninst.dll
[2002/12/18 06:31:36 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/03/19 18:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/09/22 11:00:00 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[1999/06/25 20:27:44 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\Dls2d.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\XP\I386\sp2.cab:AGP440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2002/07/22 15:05:04 | 000,020,944 | ---- | M] (Microsoft Corporation) MD5=5F8C3AB838B248AD396D0FB02AB3E450 -- C:\0xLP\WinNT Uninstall Files\$NtServicePackUninstall$\agp440.sys
[2001/08/17 15:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS
[2003/07/16 12:21:40 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2003/07/16 12:40:05 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2003/07/16 12:40:05 | 010,158,890 | ---- | M] () .cab file -- C:\XP\I386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\XP\I386\sp2.cab:atapi.sys
[2002/07/22 15:05:04 | 000,086,704 | ---- | M] (Microsoft Corporation) MD5=7A62A6C8303C9D026DD926F397B2FB57 -- C:\0xLP\WinNT Uninstall Files\$NtServicePackUninstall$\atapi.sys
[2003/07/16 12:18:31 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\pebuilder313\20050810BartPE\i386\system32\drivers\atapi.sys
[2003/07/16 12:18:31 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\pebuilder313\20050811BartPE\i386\system32\drivers\atapi.sys
[2003/07/16 12:18:31 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\pebuilder313\BartPE\i386\system32\drivers\atapi.sys
[2003/07/16 12:18:31 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\pebuilder319\20060830\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\pebuilder319\20060831\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2003/04/23 11:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys
[2002/10/24 16:59:48 | 000,087,040 | R--- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\pebuilder313\20060830BartPE-Gateway\i386\system32\drivers\atapi.sys
[2002/10/24 15:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\UBCD4Win\plugin\!Critical\Large IDE-Fix\files\sp2\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2003/06/19 15:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\0xLP\WinNT Uninstall Files\$NtUninstallKB835732$\eventlog.dll
[2002/08/26 09:45:44 | 000,045,328 | ---- | M] (Microsoft Corporation) MD5=7E92898661116519E1004F2741F594CF -- C:\0xLP\WinNT Uninstall Files\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2002/07/22 15:05:04 | 000,045,328 | ---- | M] (Microsoft Corporation) MD5=B3D525A4AD64D3E603857D24FF0B3B94 -- C:\0xLP\WinNT Uninstall Files\$NtUninstallQ329115$\eventlog.dll
[2002/08/29 07:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL
[2003/07/16 12:22:12 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/03/23 22:17:01 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=CEB85BFA135CBDDA10C89E5D31D95F9B -- C:\0xLP\WinNT Uninstall Files\$NtUpdateRollupPackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2003/06/19 15:05:04 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\0xLP\WinNT Uninstall Files\$NtUninstallKB835732$\netlogon.dll
[2002/07/22 15:05:04 | 000,371,472 | ---- | M] (Microsoft Corporation) MD5=18CD1340034A2B097EC8C698022B7BEB -- C:\0xLP\WinNT Uninstall Files\$NtUninstallQ329115$\netlogon.dll
[2004/03/23 22:17:01 | 000,371,472 | ---- | M] (Microsoft Corporation) MD5=21537BC1F1AB7667A3828B2344E6D4BA -- C:\0xLP\WinNT Uninstall Files\$NtUpdateRollupPackUninstall$\netlogon.dll
[2002/08/26 09:45:44 | 000,360,720 | ---- | M] (Microsoft Corporation) MD5=39B149D3EFD1002B527996ACB991092C -- C:\0xLP\WinNT Uninstall Files\$NtServicePackUninstall$\netlogon.dll
[2002/08/29 07:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2003/07/16 12:32:31 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\pebuilder313\20050810BartPE\i386\system32\netlogon.dll
[2003/07/16 12:32:31 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\pebuilder313\20050811BartPE\i386\system32\netlogon.dll
[2003/03/31 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\pebuilder313\20060830BartPE-Gateway\i386\system32\netlogon.dll
[2003/07/16 12:32:31 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\pebuilder313\BartPE\i386\system32\netlogon.dll
[2003/07/16 12:32:31 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\pebuilder319\20060830\I386\SYSTEM32\NETLOGON.DLL
[2006/02/28 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\pebuilder319\20060831\I386\SYSTEM32\NETLOGON.DLL
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/03/23 22:17:01 | 000,111,376 | ---- | M] (Microsoft Corporation) MD5=0B476C9305098B37BE70F0AC29E671E5 -- C:\0xLP\WinNT Uninstall Files\$NtUpdateRollupPackUninstall$\scecli.dll
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\pebuilder319\20060830\I386\SYSTEM32\SCECLI.DLL
[2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\pebuilder319\20060831\I386\SYSTEM32\SCECLI.DLL
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SYSTEM32\scecli.dll
[2002/08/26 09:45:46 | 000,129,296 | ---- | M] (Microsoft Corporation) MD5=13F2388BEDEF3656041B586F6805C4C6 -- C:\0xLP\WinNT Uninstall Files\$NtServicePackUninstall$\scecli.dll
[2002/08/29 07:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2003/07/16 12:37:42 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\pebuilder313\20050810BartPE\i386\system32\scecli.dll
[2003/07/16 12:37:42 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\pebuilder313\20050811BartPE\i386\system32\scecli.dll
[2003/03/31 08:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\pebuilder313\20060830BartPE-Gateway\i386\system32\scecli.dll
[2003/07/16 12:37:42 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\pebuilder313\BartPE\i386\system32\scecli.dll
[2003/07/16 12:37:42 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/07/22 15:05:04 | 000,111,888 | ---- | M] (Microsoft Corporation) MD5=D941A4AAEE0D7F5BB52E9D61EB30ABE7 -- C:\0xLP\WinNT Uninstall Files\$NtUninstallQ329115$\scecli.dll
[2003/06/19 15:05:04 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\0xLP\WinNT Uninstall Files\$NtUninstallKB835732$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[2010/03/11 08:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\iepeers.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/01/16 07:43:40 | 000,286,720 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\default.sav
[2007/01/16 06:36:17 | 000,262,144 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\security.sav
[2007/01/16 07:43:40 | 028,049,408 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\software.sav
[2007/01/16 07:43:40 | 008,912,896 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/21 09:58:36 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys
[2010/04/26 10:15:18 | 000,015,944 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\hitmanpro35.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\lee\Desktop\DC CHILDSUPPORT.pif:SummaryInformation
< End of report >

#4 scorpioLP (Topic Starter)

Posted 27 April 2010 - 10:06 AM

OTL Extras logfile created on: 4/27/2010 9:57:10 AM - Run 1

Report attached.


#5 myrti (Sillyberry, Malware Study Hall Admin)

Posted 27 April 2010 - 02:47 PM

Hi,

please run a rootkit scan next:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Let me know if you run into any problems.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



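GMER writes its findings as a flat text log like the one scorpioLP posts further down in this thread, and a long "User code sections" block is tedious to read by hand. The script below is an added example, not part of this thread and not GMER's own code: it parses the inline-hook lines from GMER's Kernel and User code sections and summarises them per process, showing which DLL exports are patched, which 64 KiB regions the patches jump into, and whether GMER was able to name the module that owns the jump target (it prints an owner and vendor after the target only when it can). The sample input is a handful of lines copied from the log in this thread plus the surrounding section headers; the grouping of targets by 64 KiB region is my own triage heuristic, not something GMER reports.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: a few lines copied from the GMER log quoted in
# this thread (kernel-mode and user-mode hook lines), one non-hook line and
# the section headers, so the parser can be exercised offline.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 80509034 7 Bytes JMP B91507B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 80572DCF 5 Bytes JMP B915078E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xBABA9340, 0x121A5F, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D800DE
.text C:\WINDOWS\System32\svchost.exe[480] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 001B000A
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0106000A
"""

# One inline-hook line as GMER prints it. User-mode lines carry "image[pid]"
# before module!function; an "owner (vendor)" suffix after the JMP target is
# present only when GMER could map the target to a loaded module.
HOOK_RE = re.compile(
    r"^(?P<section>\.?\w+)\s+"                       # .text, PAGE, init ...
    r"(?:(?P<image>.+?)\[(?P<pid>\d+)\]\s+)?"        # user mode only: path[pid]
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+"          # module!function
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<length>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)"                      # where the patched code jumps
    r"(?:\s+(?P<owner>\S+)\s+\((?P<vendor>.*)\))?\s*$"
)

# Windows allocates private memory with 64 KiB granularity; treating targets
# in the same 64 KiB region as one block is a triage heuristic (assumption).
REGION = 0x10000


@dataclass(frozen=True)
class Hook:
    section: str
    image: Optional[str]   # None for kernel-mode hooks
    pid: Optional[int]
    module: str
    func: str
    addr: int
    length: int
    target: int
    owner: Optional[str]   # module GMER attributed the target to, if any
    vendor: Optional[str]

    @property
    def user_mode(self) -> bool:
        return self.pid is not None


def parse_gmer(text: str) -> List[Hook]:
    """Extract inline-hook lines; headers, SSDT entries, writeable-section
    notes and anything else that is not a 'Bytes JMP' line are ignored."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append(Hook(
            section=m["section"], image=m["image"],
            pid=int(m["pid"]) if m["pid"] else None,
            module=m["module"], func=m["func"],
            addr=int(m["addr"], 16), length=int(m["length"]),
            target=int(m["target"], 16),
            owner=m["owner"], vendor=m["vendor"],
        ))
    return hooks


def summarize_by_process(hooks: List[Hook]) -> Dict[Tuple[str, int], dict]:
    """Per (image, pid): number of patched exports, the DLLs they live in,
    the 64 KiB regions the patches jump into, and how many targets GMER
    could not attribute to a module. Kernel-mode hooks are left out."""
    out: Dict[Tuple[str, int], dict] = {}
    for h in hooks:
        if not h.user_mode:
            continue
        s = out.setdefault((h.image, h.pid),
                           {"hooks": 0, "modules": set(), "regions": set(), "unattributed": 0})
        s["hooks"] += 1
        s["modules"].add(h.module)
        s["regions"].add(h.target & ~(REGION - 1))
        if h.owner is None:
            s["unattributed"] += 1
    return out


def unattributed_user_hooks(hooks: List[Hook]) -> List[Hook]:
    """User-mode hooks whose target GMER did not tie to a loaded module;
    these are the ones worth checking against the process's module list."""
    return [h for h in hooks if h.user_mode and h.owner is None]


def render_report(text: str) -> List[str]:
    """Human-readable triage lines: kernel hooks with their owner, then one
    line per hooked process."""
    hooks = parse_gmer(text)
    lines = [f"{len(hooks)} inline hooks parsed "
             f"({sum(not h.user_mode for h in hooks)} kernel, "
             f"{sum(h.user_mode for h in hooks)} user-mode)"]
    for h in hooks:
        if not h.user_mode:
            lines.append(f"  kernel {h.module}!{h.func} -> "
                         f"{h.owner or '<unattributed>'} ({h.vendor or '?'})")
    for (image, pid), s in sorted(summarize_by_process(hooks).items(),
                                  key=lambda kv: kv[0][1]):
        regions = ", ".join(f"0x{r:08X}" for r in sorted(s["regions"]))
        lines.append(f"  {image}[{pid}]: {s['hooks']} hooks in "
                     f"{', '.join(sorted(s['modules']))}; targets in {regions}; "
                     f"{s['unattributed']} with no owning module")
    return lines


if __name__ == "__main__":
    print("\n".join(render_report(SAMPLE_LOG)))
```

Run against a full log (paste it in place of the sample), the per-process lines give a quick picture of which processes carry patches and whether each process's hooks funnel into one or two memory regions; the kernel lines show which driver owns each kernel hook, so hooks from a known security product (here McAfee's mfehidk.sys is named on every kernel line) can be set aside and attention spent on targets with no named owner.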
#6 scorpioLP (Topic Starter)

Posted 29 April 2010 - 10:37 AM

Have had a few problems and I'm not sure if they're from the GMER tool or what. I ran it once under my username and it restarted. I wasn't there to see when and why it restarted, but I got the message that Windows applied updates and restarted. So, I'm assuming it was Windows. I decided to run GMER in safe mode anyway. I started it last night... and I checked it this morning and same thing. The computer has been rebooted. I'm going to try and find the setting that kills the automatic reboot and try to run GMER again. I just wanted to post something just to let you know that I'm trying. I assume that GMER doesn't automatically save a log somewhere when it finishes, right?

#7 myrti (Sillyberry, Malware Study Hall Admin)

Posted 30 April 2010 - 07:42 AM

Hi,

no, it doesn't. GMER can crash when infections or certain programs are present. Could you please try to uncheck the option "Devices" and let me know if you are able to run a scan then?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#8 scorpioLP (Topic Starter)

Posted 30 April 2010 - 09:43 AM

I ran it again last night and when I checked it this morning, my computer wasn't restarted, but there was a Windows application error (ipoint.exe - unknown software exception). I don't know if that's relevant. And my computer was locked up. I had to reboot. So I decided to run GMER again, this time I unchecked the files option. (I've sat through enough of these scans to know that it gets through everything at the beginning.) It ran through it fine and even let me save the log... but soon after, my computer locked up. So hopefully this has some information that can be helpful.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-30 10:02:22
Windows 5.1.2600 Service Pack 2
Running: ri5xti14.exe; Driver: C:\DOCUME~1\lee\LOCALS~1\Temp\pxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB925E320]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB915078A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9150738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB915074C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB91507CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9150710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB9150724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB915079E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9150776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9150762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB91507F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB91507E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB91507B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 80509034 7 Bytes JMP B91507B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 80572DCF 5 Bytes JMP B915078E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 80573B37 5 Bytes JMP B9150766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 8057964C 5 Bytes JMP B9150714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057BCA8 5 Bytes JMP B91507E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057C120 7 Bytes JMP B91507CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80583D91 7 Bytes JMP B91507A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058AB6C 7 Bytes JMP B9150750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8058C3F5 5 Bytes JMP B91507FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 805B13C6 5 Bytes JMP B9150728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805C0C98 5 Bytes JMP B915073C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 806340DB 5 Bytes JMP B915077A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xBABA9340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6380, 0x25BA81, 0xF8000020]
init C:\WINDOWS\System32\drivers\AsfAlrt.sys entry point in "init" section [0xB92142A0]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D80094
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D80F95
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D8006F
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D8005E
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D80032
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D80F5D
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D800A5
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D800DE
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D80F3B
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00D800EF
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00D80043
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00D80FDE
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00D80F84
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00D80FBC
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00D80FCD
.text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00D80F4C
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00D70FCA
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00D70036
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00D70FE5
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00D7001B
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00D70F79
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00D70000
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00D70F94
.text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00D70FAF
.text C:\WINDOWS\System32\svchost.exe[480] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D60FC1
.text C:\WINDOWS\System32\svchost.exe[480] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D60042
.text C:\WINDOWS\System32\svchost.exe[480] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D60FD2
.text C:\WINDOWS\System32\svchost.exe[480] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D60000
.text C:\WINDOWS\System32\svchost.exe[480] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D60031
.text C:\WINDOWS\System32\svchost.exe[480] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D60FE3
.text C:\WINDOWS\System32\svchost.exe[480] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\System32\svchost.exe[480] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\System32\svchost.exe[480] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\System32\svchost.exe[480] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 001A0014
.text C:\WINDOWS\System32\svchost.exe[480] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 001B000A
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00920FEF
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00920089
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00920078
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00920067
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00920F9E
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00920FB9
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00920F57
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00920F68
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009200BA
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00920F2B
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009200CB
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00920036
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00920F79
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00920FCA
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00920011
.text C:\WINDOWS\System32\svchost.exe[764] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00920F3C
.text C:\WINDOWS\System32\svchost.exe[764] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00910040
.text C:\WINDOWS\System32\svchost.exe[764] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00910080
.text C:\WINDOWS\System32\svchost.exe[764] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0091002F
.text C:\WINDOWS\System32\svchost.exe[764] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[764] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00910FC3
.text C:\WINDOWS\System32\svchost.exe[764] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00910FEF
.text C:\WINDOWS\System32\svchost.exe[764] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00910065
.text C:\WINDOWS\System32\svchost.exe[764] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00910FD4
.text C:\WINDOWS\System32\svchost.exe[764] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00900FEF
.text C:\WINDOWS\System32\svchost.exe[764] msvcrt.dll!system 77C293C7 5 Bytes JMP 0090007A
.text C:\WINDOWS\System32\svchost.exe[764] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00900044
.text C:\WINDOWS\System32\svchost.exe[764] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00900000
.text C:\WINDOWS\System32\svchost.exe[764] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00900055
.text C:\WINDOWS\System32\svchost.exe[764] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00900029
.text C:\WINDOWS\System32\svchost.exe[764] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 008E000A
.text C:\WINDOWS\System32\svchost.exe[764] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 008E001B
.text C:\WINDOWS\System32\svchost.exe[764] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 008E0FE5
.text C:\WINDOWS\System32\svchost.exe[764] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 008E0FD4
.text C:\WINDOWS\System32\svchost.exe[764] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008F0FEF
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0106000A
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01060F6D
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01060F88
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01060FA5
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01060FB6
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01060051
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01060F26
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01060F41
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 010600AE
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01060F15
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01060EFA
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01060062
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01060025
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01060F52
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01060FE5
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01060036
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01060093
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00FF0FA8
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00FF0040
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00FF0FC3
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00FF002F
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00FF0014
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00FF0F8D
.text C:\WINDOWS\system32\services.exe[1008] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CA0F7F
.text C:\WINDOWS\system32\services.exe[1008] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CA0F90
.text C:\WINDOWS\system32\services.exe[1008] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CA0FB5
.text C:\WINDOWS\system32\services.exe[1008] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\services.exe[1008] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\services.exe[1008] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CA0FD2
.text C:\WINDOWS\system32\services.exe[1008] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00C70000
.text C:\WINDOWS\system32\services.exe[1008] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00C70011
.text C:\WINDOWS\system32\services.exe[1008] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00C7002C
.text C:\WINDOWS\system32\services.exe[1008] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00C70FD1
.text C:\WINDOWS\system32\services.exe[1008] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FE0F47
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FE0F58
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FE0F69
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FE0F86
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FE0FB2
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FE0F11
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FE0F22
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FE0099
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FE0088
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00FE00AA
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00FE0FA1
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00FE0FD4
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00FE004D
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00FE001E
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00FE0FC3
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00FE0F00
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00DB0FC0
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00DB0F94
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00DB001B
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00DB0047
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00DB000A
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00DB0036
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00DB0FAF
.text C:\WINDOWS\system32\lsass.exe[1020] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DA0FA1
.text C:\WINDOWS\system32\lsass.exe[1020] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DA0FB2
.text C:\WINDOWS\system32\lsass.exe[1020] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DA0018
.text C:\WINDOWS\system32\lsass.exe[1020] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\lsass.exe[1020] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DA0FC3
.text C:\WINDOWS\system32\lsass.exe[1020] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DA0FDE
.text C:\WINDOWS\system32\lsass.exe[1020] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D9000A
.text C:\WINDOWS\system32\lsass.exe[1020] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\lsass.exe[1020] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00D80011
.text C:\WINDOWS\system32\lsass.exe[1020] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00D80FDB
.text C:\WINDOWS\system32\lsass.exe[1020] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00D80036
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A2007B
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A20F86
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A20F97
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A20FA8
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A20FCD
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A200B3
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A20F6B
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A20104
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A200E9
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A20F50
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A20054
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A20025
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A20096
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A20FDE
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A200CE
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00A10FCA
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00A10F72
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00A10025
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00A10FE5
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00A10F83
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00A10F9E
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00A10FB9
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A00FB7
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A00FC8
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A0001D
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A00038
.text C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A0000C
.text C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 009E0011
.text C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 009E0FE5
.text C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 009E0FC0
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BD0F4E
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BD0043
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BD0028
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BD0F6B
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BD0F97
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BD0079
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BD0068
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BD0F16
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BD00A5
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00BD0F05
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00BD0F7C
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00BD0F3D
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00BD0FA8
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00BD0FC3
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00BD0094
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00BC002F
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00BC0F8D
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00BC0FDE
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00BC0FA8
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00BC0FB9
.text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00BC0040
.text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB0F9E
.text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB0033
.text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB0018
.text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB0FC3
.text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB0FDE
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00B90FDE
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00B90014
.text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00B90025
.text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BA000A
.text C:\WINDOWS\System32\svchost.exe[1288] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008F000A
.text C:\WINDOWS\System32\svchost.exe[1288] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0090000A
.text C:\WINDOWS\System32\svchost.exe[1288] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 008E000C
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01560FEF
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01560F43
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01560F54
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01560F6F
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01560F8A
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0156002C
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01560F21
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0156005D
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01560EEB
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01560EFC
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01560ED0
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01560F9B
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01560FD4
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01560F32
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0156001B
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0156000A
.text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01560084
.text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 01100FB9
.text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 01100F83
.text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0110000A
.text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 01100FD4
.text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 01100F94
.text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 01100FE5
.text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 01100036
.text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 01100025
.text C:\WINDOWS\System32\svchost.exe[1288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010F004C
.text C:\WINDOWS\System32\svchost.exe[1288] msvcrt.dll!system 77C293C7 5 Bytes JMP 010F0FC1
.text C:\WINDOWS\System32\svchost.exe[1288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010F001D
.text C:\WINDOWS\System32\svchost.exe[1288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010F000C
.text C:\WINDOWS\System32\svchost.exe[1288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010F0FD2
.text C:\WINDOWS\System32\svchost.exe[1288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010F0FE3
.text C:\WINDOWS\System32\svchost.exe[1288] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 010D0FEF
.text C:\WINDOWS\System32\svchost.exe[1288] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 010D000A
.text C:\WINDOWS\System32\svchost.exe[1288] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 010D001B
.text C:\WINDOWS\System32\svchost.exe[1288] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 010D002C
.text C:\WINDOWS\System32\svchost.exe[1288] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 010E0000
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009D0063
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009D0F64
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009D0F75
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009D0F86
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009D0028
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009D0F38
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009D0F49
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009D0F0C
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009D00A5
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009D00B6
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 009D0FA1
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009D0FDE
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 009D0074
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 009D0FBC
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 009D0FCD
.text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009D0F27
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 009C0FC3
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 009C0FA8
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 009C0FD4
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 009C0065
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 009C0000
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 009C004A
.text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 009C002F
.text C:\WINDOWS\System32\svchost.exe[1408] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009B0FC0
.text C:\WINDOWS\System32\svchost.exe[1408] msvcrt.dll!system 77C293C7 5 Bytes JMP 009B004B
.text C:\WINDOWS\System32\svchost.exe[1408] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009B0029
.text C:\WINDOWS\System32\svchost.exe[1408] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009B0000
.text C:\WINDOWS\System32\svchost.exe[1408] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009B003A
.text C:\WINDOWS\System32\svchost.exe[1408] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\System32\svchost.exe[1408] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\System32\svchost.exe[1408] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 001B0FD4
.text C:\WINDOWS\System32\svchost.exe[1408] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 001B0FC3
.text C:\WINDOWS\System32\svchost.exe[1408] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 001B0FA8
.text C:\WINDOWS\System32\svchost.exe[1408] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00950FEF
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00950F46
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00950F61
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00950F72
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00950F8D
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00950FAF
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00950F1A
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00950062
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00950EEE
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00950EFF
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009500AC
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00950F9E
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0095000A
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00950F35
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00950FCA
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0095001B
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 0095007D
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00940FC3
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 0094005B
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00940FDE
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00940FEF
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00940040
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 0094000A
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00940025
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00940FA8
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00930020
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!system 77C293C7 5 Bytes JMP 00930F95
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00930FC1
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00930FE3
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00930FB0
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00930FD2
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 001B0011
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 001B0FDB
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 001B0022
.text C:\WINDOWS\system32\svchost.exe[1444] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00920FEF
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009B0000
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009B0F85
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009B007A
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009B0069
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009B0058
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009B0036
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009B00A1
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009B0F59
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009B0F19
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009B00B2
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009B0F08
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 009B0047
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 009B0F6A
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 009B0FD4
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 009B0025
.text C:\WINDOWS\System32\svchost.exe[1664] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009B0F34
.text C:\WINDOWS\System32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 008D0FB9
.text C:\WINDOWS\System32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 008D0062
.text C:\WINDOWS\System32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 008D0FCA
.text C:\WINDOWS\System32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 008D0000
.text C:\WINDOWS\System32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 008D0051
.text C:\WINDOWS\System32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 008D0FEF
.text C:\WINDOWS\System32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 008D0040
.text C:\WINDOWS\System32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 008D001B
.text C:\WINDOWS\System32\svchost.exe[1664] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008C0FC8
.text C:\WINDOWS\System32\svchost.exe[1664] msvcrt.dll!system 77C293C7 5 Bytes JMP 008C0049
.text C:\WINDOWS\System32\svchost.exe[1664] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008C001D
.text C:\WINDOWS\System32\svchost.exe[1664] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008C0000
.text C:\WINDOWS\System32\svchost.exe[1664] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008C0038
.text C:\WINDOWS\System32\svchost.exe[1664] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008C0FE3
.text C:\WINDOWS\System32\svchost.exe[1664] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 008A0FEF
.text C:\WINDOWS\System32\svchost.exe[1664] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 008A0FDE
.text C:\WINDOWS\System32\svchost.exe[1664] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 008A0FCD
.text C:\WINDOWS\System32\svchost.exe[1664] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 008A0FBC
.text C:\WINDOWS\System32\svchost.exe[1664] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008B0000
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00960FEF
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00960F7C
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00960F97
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00960065
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00960FB2
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00960039
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00960096
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00960F50
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00960F07
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00960F18
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 009600BB
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00960054
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00960014
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00960F61
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00960FCD
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00960FDE
.text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00960F33
.text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 008D001B
.text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 008D0F94
.text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 008D0FD4
.text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 008D0FEF
.text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 008D0047
.text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 008D0000
.text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 008D0FAF
.text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 008D0036
.text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008C0038
.text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!system 77C293C7 5 Bytes JMP 008C0FB7
.text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008C0016
.text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008C0FEF
.text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008C0027
.text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008C0FD2
.text C:\WINDOWS\system32\svchost.exe[1872] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 008A0FE5
.text C:\WINDOWS\system32\svchost.exe[1872] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 008A0000
.text C:\WINDOWS\system32\svchost.exe[1872] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 008A0011
.text C:\WINDOWS\system32\svchost.exe[1872] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 008A0022
.text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008B0FE5
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001C0000
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001C0F66
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001C0F77
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001C0F88
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001C0051
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001C0FB9
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001C0076
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001C0F3A
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001C00A9
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001C0098
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001C00C4
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001C0040
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001C0FE5
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001C0F4B
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001C0025
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001C0FCA
.text C:\WINDOWS\System32\svchost.exe[2180] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001C0087
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 002A0FC3
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 002A0F75
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 002A0FD4
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 002A000A
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 002A0F86
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 002A0F97
.text C:\WINDOWS\System32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 002A0FA8
.text C:\WINDOWS\System32\svchost.exe[2180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003F005D
.text C:\WINDOWS\System32\svchost.exe[2180] msvcrt.dll!system 77C293C7 5 Bytes JMP 003F0FD2
.text C:\WINDOWS\System32\svchost.exe[2180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003F001D
.text C:\WINDOWS\System32\svchost.exe[2180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003F0000
.text C:\WINDOWS\System32\svchost.exe[2180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003F0042
.text C:\WINDOWS\System32\svchost.exe[2180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003F0FE3
.text C:\WINDOWS\System32\svchost.exe[2180] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00770FEF
.text C:\WINDOWS\System32\svchost.exe[2180] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00770FD4
.text C:\WINDOWS\System32\svchost.exe[2180] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00770FC3
.text C:\WINDOWS\System32\svchost.exe[2180] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00770FA8
.text C:\WINDOWS\system32\SearchIndexer.exe[2396] kernel32.dll!WriteFile 7C810D97 7 Bytes JMP 00C61B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[2676] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0094000A
.text C:\WINDOWS\system32\wuauclt.exe[2676] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0095000A
.text C:\WINDOWS\system32\wuauclt.exe[2676] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0093000C
.text C:\WINDOWS\system32\wuauclt.exe[2676] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B0038
.text C:\WINDOWS\system32\wuauclt.exe[2676] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B001D
.text C:\WINDOWS\system32\wuauclt.exe[2676] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B000C
.text C:\WINDOWS\system32\wuauclt.exe[2676] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0FE3
.text C:\WINDOWS\system32\wuauclt.exe[2676] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0FAD
.text C:\WINDOWS\system32\wuauclt.exe[2676] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FD2
.text C:\WINDOWS\system32\wuauclt.exe[2676] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 002C002C
.text C:\WINDOWS\system32\wuauclt.exe[2676] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 002C0FAC
.text C:\WINDOWS\system32\wuauclt.exe[2676] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 002C0FE5
.text C:\WINDOWS\system32\wuauclt.exe[2676] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 002C001B
.text C:\WINDOWS\system32\wuauclt.exe[2676] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 002C0069
.text C:\WINDOWS\system32\wuauclt.exe[2676] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 002C0000
.text C:\WINDOWS\system32\wuauclt.exe[2676] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 002C0058
.text C:\WINDOWS\system32\wuauclt.exe[2676] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 002C003D
.text C:\WINDOWS\Explorer.EXE[4032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BF000A
.text C:\WINDOWS\Explorer.EXE[4032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[4032] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B9000C
.text C:\WINDOWS\Explorer.EXE[4032] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 002A0036
.text C:\WINDOWS\Explorer.EXE[4032] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 002A0FAF
.text C:\WINDOWS\Explorer.EXE[4032] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\Explorer.EXE[4032] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 002A001B
.text C:\WINDOWS\Explorer.EXE[4032] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 002A006C
.text C:\WINDOWS\Explorer.EXE[4032] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 002A000A
.text C:\WINDOWS\Explorer.EXE[4032] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 002A0FCA
.text C:\WINDOWS\Explorer.EXE[4032] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 002A0051
.text C:\WINDOWS\Explorer.EXE[4032] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002B005A
.text C:\WINDOWS\Explorer.EXE[4032] msvcrt.dll!system 77C293C7 5 Bytes JMP 002B0049
.text C:\WINDOWS\Explorer.EXE[4032] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002B0027
.text C:\WINDOWS\Explorer.EXE[4032] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002B0000
.text C:\WINDOWS\Explorer.EXE[4032] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002B0038
.text C:\WINDOWS\Explorer.EXE[4032] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002B0FE3

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001195504b77
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001195504b77@0007e05cdb63 0x30 0x45 0xA6 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001195504b77 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001195504b77@0007e05cdb63 0x30 0x45 0xA6 0x00 ...

---- EOF - GMER 1.0.15 ----




#9 myrti
Malware Study Hall Admin
Posted 30 April 2010 - 10:11 AM

Hi,

the scan should be fine for now.

Please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#10 scorpioLP

Topic Starter

Posted 30 April 2010 - 11:26 AM

It ran. It told me that combofix detected rootkit activity and rebooted. Finished the scan on startup. Here's the log.

ComboFix 10-04-29.05 - lee 04/30/2010 11:58:44.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.1981 [GMT -4:00]
Running from: c:\documents and settings\lee\Desktop\ComboFix.exe
AV: Total Protection for Small Business *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lee\System
c:\documents and settings\Lee\System\win_qs7.jqx

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))
.

2010-04-29 13:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-27 20:08 . 2010-04-27 20:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-04-20 15:22 . 2010-04-30 14:17 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-20 15:22 . 2010-04-20 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-20 15:22 . 2010-04-20 15:22 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-20 13:45 . 2010-04-20 13:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-04-13 18:30 . 2010-04-13 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-13 18:30 . 2010-04-13 18:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-13 18:30 . 2010-04-13 18:30 -------- d-----w- c:\documents and settings\lee\Application Data\SUPERAntiSpyware.com
2010-04-13 16:58 . 2010-04-13 16:58 -------- d-----w- c:\program files\CCleaner
2010-04-07 20:30 . 2010-04-07 20:30 -------- d-----w- c:\program files\ESET
2010-04-06 15:18 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 15:18 . 2010-04-06 15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 15:18 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 14:46 . 2010-04-06 14:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-04-06 14:46 . 2010-04-06 14:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Research In Motion
2010-04-06 14:46 . 2010-04-06 14:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\McAfee
2010-04-06 13:49 . 2010-04-06 13:49 -------- d-----w- c:\windows\ERUNT
2010-04-06 13:44 . 2010-04-06 15:33 -------- d-----w- C:\SDFix
2010-04-02 20:58 . 2010-04-02 20:58 -------- d-----w- c:\program files\Sophos
2010-04-02 20:17 . 2010-04-02 20:17 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
2010-04-02 19:08 . 2010-04-02 19:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-02 18:33 . 2010-04-08 07:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-02 15:56 . 2010-04-02 15:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 15:52 . 2005-08-17 21:21 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-30 15:47 . 2009-03-02 22:48 256 ----a-w- c:\windows\system32\pool.bin
2010-04-30 14:14 . 2007-06-08 18:33 -------- d-----w- c:\documents and settings\lee\Application Data\nView_Wallpaper
2010-04-30 08:54 . 2003-07-16 16:19 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-28 07:03 . 2007-10-23 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-27 20:08 . 2009-04-01 04:11 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-20 13:53 . 2010-04-20 13:45 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-20 13:45 . 2010-04-20 13:45 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-20 13:30 . 2010-04-13 18:31 117760 ----a-w- c:\documents and settings\Lee\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-19 16:47 . 2005-08-10 14:37 -------- d-----w- c:\program files\Lavasoft
2010-04-19 16:47 . 2009-08-31 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-13 18:31 . 2010-04-13 18:31 52224 ----a-w- c:\documents and settings\Lee\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-13 18:29 . 2008-09-04 19:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-07 16:07 . 2004-01-12 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-04-07 16:07 . 2004-01-12 22:26 -------- d-----w- c:\program files\Viewpoint
2010-04-07 16:07 . 2007-01-18 15:07 -------- d-----w- c:\documents and settings\lee\Application Data\Viewpoint
2010-04-07 16:05 . 2003-12-09 00:05 -------- d-----w- c:\program files\Java
2010-04-07 16:05 . 2010-04-07 16:05 0 ----a-w- c:\windows\system32\RENB6.tmp
2010-04-07 16:05 . 2010-04-07 16:05 0 ----a-w- c:\windows\system32\RENB5.tmp
2010-04-07 15:58 . 2004-09-30 13:54 -------- d-----w- c:\documents and settings\lee\Application Data\Aim
2010-04-07 15:57 . 2006-12-28 14:21 -------- d-----w- c:\program files\Common Files\AOL
2010-04-07 15:57 . 2006-12-28 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-04-06 15:18 . 2009-09-03 14:30 -------- d-----w- c:\documents and settings\lee\Application Data\Malwarebytes
2010-04-06 15:18 . 2009-09-03 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-06 14:46 . 2007-12-17 14:55 161224 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-02 21:08 . 2003-12-23 19:07 -------- d-----w- c:\program files\DIGStream
2010-03-25 06:18 . 2010-03-25 06:18 -------- d-----w- c:\documents and settings\lee\Application Data\McAfee
2010-03-25 06:17 . 2010-03-25 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-23 18:08 . 2007-10-23 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-11 12:38 . 2003-07-16 16:45 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2003-07-16 16:20 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2003-07-16 16:43 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 12:31 . 2003-07-16 16:29 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:17 . 2003-07-16 16:33 2137088 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2002-08-29 01:04 2016768 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2003-07-16 16:17 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2003-07-16 16:41 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-04-07_19.42.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-13 14:10 . 2010-01-13 14:10 85504 c:\windows\SYSTEM32\DLLCACHE\cabview.dll
+ 2003-07-16 16:19 . 2010-01-13 14:10 85504 c:\windows\SYSTEM32\cabview.dll
+ 2010-04-13 18:30 . 2010-04-13 18:30 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-04-13 18:30 . 2010-04-13 18:30 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2010-03-11 08:13 . 2010-03-11 08:13 38240 c:\windows\Installer\{95120000-0038-0409-0000-0000000FF1CE}\TZMoveIcon.exe
+ 2010-04-28 07:03 . 2010-04-28 07:03 38240 c:\windows\Installer\{95120000-0038-0409-0000-0000000FF1CE}\TZMoveIcon.exe
+ 2003-12-09 00:16 . 2010-04-26 14:06 90112 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2003-12-09 00:16 . 2010-03-11 08:07 90112 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2003-12-09 00:16 . 2010-04-26 14:06 45056 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2003-12-09 00:16 . 2010-03-11 08:07 45056 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2003-12-09 00:16 . 2010-03-11 08:07 22528 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2003-12-09 00:16 . 2010-04-26 14:06 22528 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2003-12-09 00:16 . 2010-03-11 08:07 12800 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe
+ 2003-12-09 00:16 . 2010-04-26 14:06 12800 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\pubs.exe
+ 2003-12-09 00:16 . 2010-04-26 14:06 16384 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2003-12-09 00:16 . 2010-03-11 08:07 16384 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2003-12-09 00:16 . 2010-03-11 08:07 34304 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2003-12-09 00:16 . 2010-04-26 14:06 34304 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-10-29 15:14 . 2010-03-11 08:15 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-10-29 15:14 . 2010-04-28 07:03 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-10-29 15:14 . 2010-03-11 08:15 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-10-29 15:14 . 2010-04-28 07:03 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-10-29 15:14 . 2010-03-11 08:15 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-10-29 15:14 . 2010-04-28 07:03 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-03-11 08:14 . 2010-03-11 08:14 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-04-28 07:03 . 2010-04-28 07:03 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2004-08-04 07:56 . 2004-08-04 07:56 6656 c:\windows\SYSTEM32\DLLCACHE\kbdinmal.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 6656 c:\windows\SYSTEM32\DLLCACHE\kbdinben.dll
+ 2004-08-04 07:56 . 2004-08-04 07:56 6144 c:\windows\SYSTEM32\DLLCACHE\kbdinbe1.dll
+ 2010-04-13 18:30 . 2010-04-13 18:30 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2003-12-09 00:16 . 2010-03-11 08:07 3584 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2003-12-09 00:16 . 2010-04-26 14:06 3584 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2003-12-09 00:16 . 2010-04-26 14:06 8192 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2003-12-09 00:16 . 2010-03-11 08:07 8192 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2003-12-09 00:16 . 2010-04-26 14:06 2560 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2003-12-09 00:16 . 2010-03-11 08:07 2560 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2003-07-16 16:45 . 2009-12-24 07:05 177664 c:\windows\SYSTEM32\wintrust.dll
+ 2009-12-24 07:05 . 2009-12-24 07:05 177664 c:\windows\SYSTEM32\DLLCACHE\wintrust.dll
+ 2006-11-08 01:03 . 2010-03-09 11:09 430080 c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
+ 2006-08-16 09:37 . 2010-02-11 12:01 226880 c:\windows\SYSTEM32\DLLCACHE\tcpip6.sys
+ 2006-05-05 09:41 . 2010-02-24 12:31 454016 c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
+ 2006-08-16 11:58 . 2010-02-12 04:47 100864 c:\windows\SYSTEM32\DLLCACHE\6to4svc.dll
- 2003-12-09 00:16 . 2010-03-11 08:07 114688 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2003-12-09 00:16 . 2010-04-26 14:06 114688 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2003-12-09 00:16 . 2010-03-11 08:07 155702 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe
+ 2003-12-09 00:16 . 2010-04-26 14:06 155702 c:\windows\Installer\{91130409-6000-11D3-8CFE-0050048383C9}\bcicon.exe
+ 2007-10-29 15:14 . 2010-04-28 07:03 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-10-29 15:14 . 2010-03-11 08:15 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-10-29 15:14 . 2010-04-28 07:03 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
- 2007-10-29 15:14 . 2010-03-11 08:15 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe
- 2007-10-29 15:14 . 2010-03-11 08:15 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-10-29 15:14 . 2010-04-28 07:03 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-10-29 15:14 . 2010-04-28 07:03 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
- 2007-10-29 15:14 . 2010-03-11 08:15 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2004-10-28 01:14 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2006-12-19 14:17 . 2010-02-16 13:19 2181376 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
+ 2006-12-19 12:55 . 2010-02-16 12:39 2016768 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
+ 2006-12-19 12:55 . 2010-02-16 12:39 2058368 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2006-12-19 14:15 . 2010-02-16 13:17 2137088 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
+ 2010-02-26 10:09 . 2010-02-26 10:09 8300544 c:\windows\Installer\9ebfc.msp
+ 2010-03-12 03:59 . 2010-03-12 03:59 5031424 c:\windows\Installer\4d2ae.msp
+ 2010-04-13 18:30 . 2010-04-13 18:30 1583616 c:\windows\Installer\4a7058.msi
+ 2007-10-29 15:14 . 2010-04-28 07:03 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-10-29 15:14 . 2010-03-11 08:15 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2005-03-02 00:59 . 2010-02-16 13:19 2181376 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2010-02-16 12:39 2016768 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2010-02-16 12:39 2058368 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:57 . 2010-02-16 13:17 2137088 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-03-22 20:03 . 2010-03-22 20:03 11732992 c:\windows\Installer\9dba62.msp
+ 2010-04-02 23:36 . 2010-04-02 23:36 45099008 c:\windows\Installer\68b90ba.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2004-06-04 684032]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2005-02-15 77887]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2006-12-07 340888]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-04-02 624056]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 1169720]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 1945712]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 149024]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-01-25 472384]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-04-27 5937984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-9-15 503869]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-6-20 1512720]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-12-8 24576]
ERS Alarm (2).lnk - c:\winers\Rtcom.exe [2005-1-13 2362880]
ERS Web Services with Web-Edit II [ERSRTDAM].lnk - c:\winers\ERSRTDAM.exe [2004-9-20 233472]
ERS Web Services with Web-Edit II [LCWIN32].lnk - c:\winers\LCWIN32.exe [2005-2-17 458752]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2006-6-23 110592]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pip]
c:\thorpeforms\Instructions\_\Pip\pip [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\palmOne\\Hotsync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"59152:UDP"= 59152:UDP:SonicWALL Anti-Virus Compliance Port 59152
"59153:UDP"= 59153:UDP:SonicWALL Anti-Virus Compliance Port 59153

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 Alert Notification Server;Alert Notification Server;c:\program files\Common Files\CA\Alert\alert.exe [3/7/2005 4:17 PM 192588]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2/10/2003 6:52 AM 114688]
R2 AsfAlrt;AsfAlrt;c:\windows\SYSTEM32\DRIVERS\Asfalrt.sys [12/18/2002 6:31 AM 36064]
R2 CASDiscoverySvc;BrightStor Discovery Service;c:\program files\Common Files\CA\BrightStor\CADS\casdscsvc.exe [10/1/2002 6:54 AM 135168]
R2 CASMsgEngine;BrightStor AB Message Engine;c:\program files\CA\BrightStor ARCserve Backup\msgeng.exe [10/9/2002 6:05 PM 62976]
R2 CATIRPC;CA Remote Procedure Call Server;c:\program files\CA\BrightStor ARCserve Backup\Catirpc.exe [10/1/2002 6:45 AM 24576]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [4/20/2007 10:48 AM 140184]
R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [11/10/2009 6:25 PM 14144]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [5/27/2008 12:46 AM 282824]
R2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [11/10/2009 6:25 PM 202048]
R3 SmartSource;SmartSource;c:\windows\SYSTEM32\DRIVERS\SmartSource.sys [11/25/2008 1:42 AM 192640]
R3 TSUSB2;Driver for TellerScan Device;c:\windows\SYSTEM32\DRIVERS\TSUSB2.sys [11/2/2007 11:46 AM 54016]
S2 TSScheduleBackup;TimeslipsBackup;c:\windows\SYSTEM32\TSSchBkpService.exe [11/26/2007 4:23 PM 705024]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\SYSTEM32\DRIVERS\ICDUSB2.sys [7/12/2008 2:52 PM 39048]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\41.tmp --> c:\windows\system32\41.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2007-02-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 22:08]

2010-04-30 c:\windows\Tasks\SDMsgUpdate (SmartDrawTrial).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2005-03-17 20:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save Web Page to askSam... - c:\program files\askSam\askSam6\ASAdd.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: ameritrade.com
Trusted Zone: tdameritrade.com
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: {AAA3AF4A-22F2-4F50-A1FC-D957E3E1A356} = 192.168.1.200
Handler: asksam6 - {72A9B8AD-6895-422C-A3F7-F2A7A88B88DA} - c:\program files\askSam\askSam6\AS6_AIPP.dll
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-30 12:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\41.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\relog_ap.dll
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2010-04-30 12:16:08
ComboFix-quarantined-files.txt 2010-04-30 16:16
ComboFix2.txt 2010-04-08 14:02
ComboFix3.txt 2010-04-07 19:46

Pre-Run: 189,368,315,904 bytes free
Post-Run: 189,871,214,592 bytes free

- - End Of File - - 2D8B76C5C685A526297B8852948003AF

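The log above is the poster's ComboFix output. As an added example, not part of the original post and not a ComboFix feature, the Python script below parses a handful of lines copied from that log (embedded as a constant so it runs offline) and flags the entries a responder would check first: a service whose image path resolves to a .tmp file or lives under a temp directory and whose file date/size ComboFix could not read (the MEMSWEEP2 line), the Windows Firewall standard profile being disabled, and TCP 3389 in the globally open ports list. The regexes, the temp-path heuristic and the severity labels are this example's own assumptions, not rules stated anywhere in the thread.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not a ComboFix feature)."""
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the ComboFix log in the post above, embedded
# here so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pip]
c:\thorpeforms\Instructions\_\Pip\pip [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"59152:UDP"= 59152:UDP:SonicWALL Anti-Virus Compliance Port 59152

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [5/27/2008 12:46 AM 282824]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\41.tmp --> c:\windows\system32\41.tmp [?]
"""

# "R1 Name;Display name;image path [date size]" is how ComboFix prints service
# and driver entries; "[?]" means it could not read the file's date and size.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")
SECTION_RE = re.compile(r"^\[(.+)\]\s*$")


@dataclass
class Finding:
    severity: str      # "high", "medium" or "low" (this example's own scale)
    line: str          # the log line that triggered the finding
    reason: str


def looks_temporary(path: str) -> bool:
    """Heuristic assumed by this example: a service or driver binary should not
    carry a .tmp extension or live under a temp directory."""
    p = path.lower()
    return p.endswith(".tmp") or "\\temp\\" in p or "\\tmp\\" in p


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current [section], and collect findings."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1).lower()
            continue

        svc = SERVICE_RE.match(line)
        if svc:
            _, name, _display, image, meta = svc.groups()
            # ComboFix prints "\??\path --> resolved path"; judge the resolved target.
            target = image.split("-->")[-1].strip()
            if looks_temporary(target):
                findings.append(Finding("high", line,
                    f"service {name} loads from a temporary file: {target}"))
            if meta.strip() == "?":
                findings.append(Finding("medium", line,
                    f"service {name}: no file date/size, binary missing or hidden"))
            continue

        # msconfig\startupreg holds entries disabled via msconfig; "[X]" marks a
        # file that no longer exists, so this is treated as low severity here.
        if "msconfig\\startupreg" in section and line.endswith("[X]"):
            findings.append(Finding("low", line,
                "disabled startup entry points at a file that no longer exists"))
        elif section.endswith("firewallpolicy\\standardprofile") and line.startswith('"EnableFirewall"= 0'):
            findings.append(Finding("high", line,
                "Windows Firewall is disabled for the standard profile"))
        elif section.endswith("globallyopenports\\list") and line.startswith('"3389:TCP"'):
            findings.append(Finding("medium", line,
                "Remote Desktop (TCP 3389) is open to all networks"))
    return findings


def main() -> None:
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n          {f.line}")


if __name__ == "__main__":
    main()
```

Run it as-is to see the five findings the sample produces; to use it on a real log, pass the file's contents to `triage()` instead of `SAMPLE_LOG`. The output is a reading order for a responder, not a verdict: a .tmp service image is a strong lead but still needs the file (or its quarantine copy) examined, and a disabled firewall on a machine with TCP 3389 open is a configuration fact worth raising regardless of whether malware is present.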

#11 myrti (Malware Study Hall Admin)

Posted 01 May 2010 - 05:32 AM

Hi,
This looks good; how is your PC doing? Please run a scan with Malwarebytes to check for leftovers:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 scorpioLP (Topic Starter)

Posted 01 May 2010 - 07:50 AM

PC is doing great. No more weird svchost.exe activity and the windows\temp folder is empty... no more strange .TMP folders being created.

I ran MBAM. Nothing came up. Here's the log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4056

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

5/1/2010 8:44:54 AM
mbam-log-2010-05-01 (08-44-54).txt

Scan type: Quick scan
Objects scanned: 202157
Time elapsed: 8 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#13 myrti (Malware Study Hall Admin)

Posted 05 May 2010 - 06:56 AM

Hi,

Happy to hear that! Just to be safe I'd also like to run a scan with ESET:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti



#14 scorpioLP (Topic Starter)

Posted 06 May 2010 - 09:04 AM

The results from the ESET scan...

C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Drivers\cdrom.sys.vir Win32/Patched.EQ trojan deleted - quarantined
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1059\A0117517.sys Win32/Patched.EQ trojan deleted - quarantined
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1066\A0125936.sys Win32/Patched.EQ trojan deleted - quarantined
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1067\A0127980.sys Win32/Patched.EQ trojan deleted - quarantined
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1069\A0128382.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
D:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
D:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1069\A0128383.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined


#15 myrti (Malware Study Hall Admin)

Posted 10 May 2010 - 11:02 AM

Hi,

This is looking good. I believe your logs are clean.

All that is left to do is to remove the programs we used:
Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
  2. Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTC from the following mirror and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  3. If OTC failed to remove all programs from your Desktop, please delete the rest manually.
Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use, but provide a resident scanner and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Have a nice day
myrti
