Google Redirect Trojan, HELP!


This topic is locked
87 replies to this topic

#1 BolivianFuego

Posted 25 April 2010 - 05:44 PM

Hey guys, after playing with Google and searching for what it could be that I have on my computer, I came across this site.

I found a thread that is fairly new that has the same problems I am having with my computer. I did the first part they asked, which was to use GMER and post up the log with McAfee off.

I did that; here is the log. Where do I go from here?

Here are the other threads I found that I am using somewhat as a guide...

http://www.bleepingcomputer.com/forums/t/310752/google-redirect-trojan-and-or-virus/

http://www.bleepingcomputer.com/forums/t/311093/google-redirect-trojan-and-or-virus/

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 18:27:59
Windows 5.1.2600 Service Pack 3
Running: tuwxvpww.exe; Driver: C:\DOCUME~1\DA'MAN~1\LOCALS~1\Temp\uwtdrpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 80515A92 7 Bytes JMP B87387B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80572BDF 5 Bytes JMP B8738811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 80572F19 7 Bytes JMP B8738891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 80573DFB 5 Bytes JMP B873878E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 80574B1F 5 Bytes JMP B8738766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 80578710 5 Bytes JMP B8738825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057A401 5 Bytes JMP B87387E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057A879 7 Bytes JMP B87387CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 8057E85A 7 Bytes JMP B873893B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 8057EC5A 7 Bytes JMP B87388D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057F1C3 7 Bytes JMP B87387A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 8057F592 5 Bytes JMP B8738714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 8057FCE0 7 Bytes JMP B873887B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 80584849 5 Bytes JMP B8738728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8059056D 7 Bytes JMP B8738750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 80593435 5 Bytes JMP B87387FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80594DB6 7 Bytes JMP B87388BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 805983A2 7 Bytes JMP B8738865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80599783 7 Bytes JMP B8738839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B62C0 5 Bytes JMP B873873C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 805E2166 5 Bytes JMP B87388FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 80635C83 5 Bytes JMP B873877A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 806550EA 7 Bytes JMP B87388E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 80655A23 7 Bytes JMP B87388A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 80655EA2 7 Bytes JMP B873884F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 80656395 5 Bytes JMP B8738913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 806567FE 5 Bytes JMP B8738927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB9F7C360, 0x37388D, 0xE8000020]
.rsrc C:\WINDOWS\System32\DRIVERS\serial.sys entry point in ".rsrc" section [0xF7524094]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB7187400, 0x51DAE, 0xE0000020]
.protect C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect" section [0xB71F1C20]
.protect C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB71F1A00, 0x5421, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[696] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[696] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[696] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0339000A
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03390F66
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0339005B
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03390F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03390F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03390FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 033900A2
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03390091
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03390F1D
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03390F2E
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 033900D1
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03390040
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03390FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03390076
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0339002F
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03390FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[696] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03390F3F
.text C:\Program Files\Internet Explorer\iexplore.exe[696] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03380039
.text C:\Program Files\Internet Explorer\iexplore.exe[696] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03380FA1
.text C:\Program Files\Internet Explorer\iexplore.exe[696] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03380FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[696] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03380FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[696] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0338005E
.text C:\Program Files\Internet Explorer\iexplore.exe[696] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0338000A
.text C:\Program Files\Internet Explorer\iexplore.exe[696] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03380FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[696] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [58, 8B]
.text C:\Program Files\Internet Explorer\iexplore.exe[696] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03380FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[696] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03370025
.text C:\Program Files\Internet Explorer\iexplore.exe[696] msvcrt.dll!system 77C293C7 5 Bytes JMP 03370F9A
.text C:\Program Files\Internet Explorer\iexplore.exe[696] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03370000
.text C:\Program Files\Internet Explorer\iexplore.exe[696] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03370FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[696] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03370FAB
.text C:\Program Files\Internet Explorer\iexplore.exe[696] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03370FC6
.text C:\Program Files\Internet Explorer\iexplore.exe[696] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 03310000
.text C:\Program Files\Internet Explorer\iexplore.exe[696] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 03310FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[696] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 03310FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[696] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 03310FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[696] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03360000
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FD0060
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FD0F6B
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FD0F86
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FD0F97
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FD0FA8
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FD0F18
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FD0F35
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FD00A7
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FD008C
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FD0EF3
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FD0039
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FD0F50
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FD0FC3
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FD0FDE
.text C:\WINDOWS\system32\services.exe[916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FD0071
.text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00070F94
.text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00070FA5
.text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[916] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060FB5
.text C:\WINDOWS\system32\services.exe[916] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060036
.text C:\WINDOWS\system32\services.exe[916] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060011
.text C:\WINDOWS\system32\services.exe[916] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[916] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060FC6
.text C:\WINDOWS\system32\services.exe[916] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060FE3
.text C:\WINDOWS\system32\services.exe[916] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\services.exe[916] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[916] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0004001B
.text C:\WINDOWS\system32\services.exe[916] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00040FD4
.text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0005000A
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E20F6D
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E2006C
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E20F92
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E20FAF
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E20FCA
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E2007D
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E20F35
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E20F24
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E200BD
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E200CE
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E20051
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E2001B
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E20F5C
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E20FE5
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E20036
.text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E200A2
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D5002C
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D50F9E
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D50011
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D50FDB
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D5005B
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D50000
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D50FB9
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F5, 88]
.text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D50FCA
.text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D4005F
.text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D40044
.text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D40033
.text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D40FD4
.text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D40018
.text C:\WINDOWS\system32\lsass.exe[928] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D30000
.text C:\WINDOWS\system32\lsass.exe[928] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\lsass.exe[928] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D20FDE
.text C:\WINDOWS\system32\lsass.exe[928] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D20014
.text C:\WINDOWS\system32\lsass.exe[928] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D20FC3
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025A0000
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025A0F68
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025A005D
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025A0F83
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025A0F94
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025A0FB9
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025A00A6
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025A0095
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025A0F0D
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025A0F1E
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025A0EFC
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 025A0040
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 025A0FE5
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 025A0078
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 025A0FCA
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 025A001B
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 025A0F39
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02500025
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02500073
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02500014
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02500FDE
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02500058
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02500FEF
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02500047
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02500036
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 024F0F95
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!system 77C293C7 5 Bytes JMP 024F0FA6
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 024F0FC1
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_open 77C2F566 5 Bytes JMP 024F0FE3
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 024F0020
.text C:\WINDOWS\system32\svchost.exe[1108] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 024F0FD2
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 024D0FE5
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 024D0FCA
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 024D0FB9
.text C:\WINDOWS\system32\svchost.exe[1108] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 024D0014
.text C:\WINDOWS\system32\svchost.exe[1108] WS2_32.dll!socket 71AB4211 5 Bytes JMP 024E000A
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FD0F52
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FD0F6D
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FD0F7E
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FD0047
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FD0FB6
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FD0F24
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FD006C
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FD0098
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FD0EFF
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FD00B3
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FD0FA5
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FD0011
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FD0F41
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FD0FDB
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FD002C
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FD007D
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FC0FCA
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FC0FB9
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FC0FE5
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FC0025
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FC006C
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FC0000
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FC0051
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FC0036
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E30042
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E30FB7
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E3000C
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E30027
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E30FDE
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E10FE5
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E10FD4
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E10000
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E10FAF
.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E20000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03B60000
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03B60F7B
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03B60070
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03B6005F
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03B60FAC
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03B6003D
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03B600A1
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03B60F59
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03B60F34
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03B600CD
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03B600DE
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03B6004E
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03B60011
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03B60F6A
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03B60022
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03B60FDB
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03B600BC
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03B5002C
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03B50F9B
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03B50011
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03B50FE5
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03B50058
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03B50000
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 03B50047
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03B50FC0
.text C:\WINDOWS\System32\svchost.exe[1364] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02B2000A
.text C:\WINDOWS\System32\svchost.exe[1364] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 02A8000A
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03B40F89
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!system 77C293C7 5 Bytes JMP 03B40F9A
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03B40FAB
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03B40FEF
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03B4000A
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03B40FD2
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02A90FEF
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02A90FDE
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02A90FC3
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02A9001E
.text C:\WINDOWS\System32\svchost.exe[1364] WS2_32.dll!socket 71AB4211 5 Bytes JMP 039B0000
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008F0FEF
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008F0F39
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008F0F54
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008F0F6F
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008F002C
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008F0000
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008F0075
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008F0064
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008F00C6
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008F00A1
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008F0F08
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008F001B
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008F0FD4
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008F0053
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008F0F9E
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008F0FAF
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008F0090
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008E0036
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008E0F94
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008E0025
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008E0FE5
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008E0051
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 008E0FAF
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [AE, 88]
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008E0FCA
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008D0F8B
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!system 77C293C7 5 Bytes JMP 008D0FA6
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008D0FD2
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008D000C
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008D0FC1
.text C:\WINDOWS\system32\svchost.exe[1448] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008D0FE3
.text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 008C0FEF
.text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 008C0FDE
.text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 008C000A
.text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 008C0FC3
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A80FEF
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A80F57
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A80F72
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A80F8D
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A80040
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A80FB9
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A80F1F
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A80071
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A80093
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A80EFA
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A80EDF
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A80FA8
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A80000
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A80F46
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A80FCA
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A8001B
.text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A80082
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A70036
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A7007D
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A70FDB
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A70011
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A7006C
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A70000
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A7005B
.text C:\WINDOWS\System32\svchost.exe[1560] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A70FCA
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A60F64
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A60F89
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A60FB5
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A60FEF
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A60F9A
.text C:\WINDOWS\System32\svchost.exe[1560] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A60FD2
.text C:\WINDOWS\System32\svchost.exe[1560] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00A40000
.text C:\WINDOWS\System32\svchost.exe[1560] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00A4001B
.text C:\WINDOWS\System32\svchost.exe[1560] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00A40FE5
.text C:\WINDOWS\System32\svchost.exe[1560] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00A40FD4
.text C:\WINDOWS\System32\svchost.exe[1560] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CE0F3F
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CE0F50
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE0F61
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CE0F72
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CE0F83
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CE0F00
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CE0F11
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CE0ED1
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CE0074
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CE0085
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CE000A
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CE0FCA
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CE0F2E
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CE0F9E
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CE0FB9
.text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CE0063
.text C:\WINDOWS\System32\svchost.exe[1748] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC0FCA
.text C:\WINDOWS\System32\svchost.exe[1748] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC006C
.text C:\WINDOWS\System32\svchost.exe[1748] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC0011
.text C:\WINDOWS\System32\svchost.exe[1748] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\System32\svchost.exe[1748] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC0FAF
.text C:\WINDOWS\System32\svchost.exe[1748] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC0000
.text C:\WINDOWS\System32\svchost.exe[1748] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BC0051
.text C:\WINDOWS\System32\svchost.exe[1748] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC0036
.text C:\WINDOWS\System32\svchost.exe[1748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB0047
.text C:\WINDOWS\System32\svchost.exe[1748] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB0036
.text C:\WINDOWS\System32\svchost.exe[1748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB000A
.text C:\WINDOWS\System32\svchost.exe[1748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\System32\svchost.exe[1748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB001B
.text C:\WINDOWS\System32\svchost.exe[1748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB0FC6
.text C:\WINDOWS\System32\svchost.exe[1748] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00B90000
.text C:\WINDOWS\System32\svchost.exe[1748] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00B90FE5
.text C:\WINDOWS\System32\svchost.exe[1748] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00B90011
.text C:\WINDOWS\System32\svchost.exe[1748] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00B90FB6
.text C:\WINDOWS\System32\svchost.exe[1748] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BA000A
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90000
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E90054
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E90F55
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E90F66
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E90F8D
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E90FAF
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E90F0E
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E90F29
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90096
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E9007B
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E90EE2
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E90F9E
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E90FE5
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E90F3A
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E90025
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E90FD4
.text C:\WINDOWS\System32\svchost.exe[1756] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E90EFD
.text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DC0F9E
.text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DC0025
.text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DC0FAF
.text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DC0FD4
.text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DC0014
.text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DC0F72
.text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FC, 88]
.text C:\WINDOWS\System32\svchost.exe[1756] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DC0F83
.text C:\WINDOWS\System32\svchost.exe[1756] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DB0FC8
.text C:\WINDOWS\System32\svchost.exe[1756] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DB0FD9
.text C:\WINDOWS\System32\svchost.exe[1756] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DB002E
.text C:\WINDOWS\System32\svchost.exe[1756] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DB0000
.text C:\WINDOWS\System32\svchost.exe[1756] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DB0049
.text C:\WINDOWS\System32\svchost.exe[1756] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DB0011
.text C:\WINDOWS\System32\svchost.exe[1756] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\System32\svchost.exe[1756] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D90014
.text C:\WINDOWS\System32\svchost.exe[1756] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D90FDE
.text C:\WINDOWS\System32\svchost.exe[1756] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D9002F
.text C:\WINDOWS\System32\svchost.exe[1756] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DA0000
.text C:\WINDOWS\Explorer.EXE[1976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[1976] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02ED0FEF
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02ED00AB
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02ED0FB6
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02ED008E
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02ED0073
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02ED003D
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02ED00D7
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02ED00C6
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02ED0F3E
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02ED0F59
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02ED00F2
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02ED0058
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02ED000A
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02ED0F9B
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02ED002C
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02ED001B
.text C:\WINDOWS\Explorer.EXE[1976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02ED0F74
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02EC0FDE
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02EC0FA5
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02EC002F
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02EC0FEF
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02EC006C
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02EC0000
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02EC005B
.text C:\WINDOWS\Explorer.EXE[1976] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02EC004A
.text C:\WINDOWS\Explorer.EXE[1976] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02EB0FA6
.text C:\WINDOWS\Explorer.EXE[1976] msvcrt.dll!system 77C293C7 5 Bytes JMP 02EB0FB7
.text C:\WINDOWS\Explorer.EXE[1976] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02EB0FE3
.text C:\WINDOWS\Explorer.EXE[1976] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02EB000C
.text C:\WINDOWS\Explorer.EXE[1976] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02EB0FC8
.text C:\WINDOWS\Explorer.EXE[1976] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02EB001D
.text C:\WINDOWS\Explorer.EXE[1976] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0216000A
.text C:\WINDOWS\Explorer.EXE[1976] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02160FEF
.text C:\WINDOWS\Explorer.EXE[1976] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02160025
.text C:\WINDOWS\Explorer.EXE[1976] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02160040
.text C:\WINDOWS\Explorer.EXE[1976] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02870000
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00DF000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0037001E
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00370F7C
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00370FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00370FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00370F97
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00370039
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00370FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00380FB0
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] msvcrt.dll!system 77C293C7 5 Bytes JMP 00380FC1
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00380016
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00380FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00380031
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00380FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3528] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00DF000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00370FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00370051
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00370FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0037001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00370F94
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00370040
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00370FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00380FA1
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] msvcrt.dll!system 77C293C7 5 Bytes JMP 00380FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00380011
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00380000
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00380022
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00380FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3552] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00DF000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00370FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00370F5E
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00370FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00370011
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00370F79
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00370F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [57, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00370FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00380031
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] msvcrt.dll!system 77C293C7 5 Bytes JMP 00380FA6
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0038000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00380FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00380FB7
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00380FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\DRIVERS\serial.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Edited by BolivianFuego, 25 April 2010 - 05:45 PM.
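The user-mode hook lines in the GMER log above come in two shapes: a JMP whose target GMER resolved to a loaded module (printed with the module path, as with IEFRAME.dll), and a JMP whose target carries no module attribution at all (the msvcrt.dll lines pointing at 0038xxxx). The second kind is what a reviewer looks at first, because the target lies in memory GMER could not map to any module. The following parser is an added example for triaging such logs; it is not code from the thread or from GMER, it assumes only the line shape shown above, and the four-line sample it runs on is constructed from that shape.

```python
"""Triage helper for GMER user-mode hook lines (added example, not from the thread).

A GMER hook line looks like:
  .text <process>[pid] <module>!<export> <addr> <n> Bytes JMP <target> [<module path> (<description>)]
GMER appends a module path when the JMP target falls inside a loaded module.
A line with no attribution after the target is a hook into unmapped memory.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of the log above (not the full log).
SAMPLE_LOG = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00380031
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00380FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3624] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"      # process path and pid
    r"(?P<module>\S+?)!(?P<export>\S+)\s+"                 # hooked module!export
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)"                            # JMP destination
    r"(?:\s+(?P<resolved>\S.*?)\s+\((?P<desc>[^)]*)\))?\s*$"  # optional attribution
)

PAGE_MASK = ~0xFFF  # group unattributed targets by 4 KiB page


def parse_hook(line: str) -> Optional[Dict[str, object]]:
    """Parse one GMER hook line; return None for headers and non-hook lines."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "process": d["process"], "pid": int(d["pid"]),
        "module": d["module"], "export": d["export"],
        "addr": int(d["addr"], 16), "target": int(d["target"], 16),
        "resolved": d["resolved"], "desc": d["desc"],
    }


def parse_gmer_hooks(log_text: str) -> List[Dict[str, object]]:
    """Collect every hook line from a GMER log, skipping everything else."""
    return [h for h in (parse_hook(l) for l in log_text.splitlines()) if h]


def unattributed_hooks(hooks: List[Dict[str, object]]) -> Dict[Tuple[str, int, int], List[str]]:
    """Group hooks GMER could not attribute to a module, keyed by (process, pid, target page).

    Several exports jumping into the same unmapped page is the pattern worth
    escalating: one injected code region redirecting a family of API calls.
    """
    groups: Dict[Tuple[str, int, int], List[str]] = {}
    for h in hooks:
        if h["resolved"] is None:
            key = (h["process"], h["pid"], h["target"] & PAGE_MASK)
            groups.setdefault(key, []).append(f'{h["module"]}!{h["export"]}')
    return groups


def summarize(log_text: str) -> Dict[str, int]:
    """Count attributed vs. unattributed hooks in a log."""
    hooks = parse_gmer_hooks(log_text)
    unresolved = sum(1 for h in hooks if h["resolved"] is None)
    return {"hooks": len(hooks), "resolved": len(hooks) - unresolved, "unresolved": unresolved}


if __name__ == "__main__":
    for (proc, pid, page), names in unattributed_hooks(parse_gmer_hooks(SAMPLE_LOG)).items():
        print(f"{proc}[{pid}] -> unattributed page 0x{page:08X}: {', '.join(names)}")
    print(summarize(SAMPLE_LOG))
```

Run against a full GMER log, the grouping collapses the six msvcrt.dll hooks in the log above into one finding (one process, one 0x00380000 page) rather than six separate lines, which is the unit a helper would actually ask about; hooks attributed to a module path are counted but not flagged, since attribution alone does not make them benign or malicious.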




#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:35 PM

Posted 26 April 2010 - 12:56 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.
  • Double click on thcbytes.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 BolivianFuego

BolivianFuego
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 26 April 2010 - 04:29 PM

Hey! Thanks for the reply!

I did everything asked, I turned off my mcafee virus scan, and used combofix.

I did everything, but while scanning I guess it got blue screened. This is what came up. What does this mean? This is my screen cap:



#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:35 PM

Posted 26 April 2010 - 06:30 PM

Try to reboot...
Are you still unable to boot?

If you are unable to boot then please do this...........

We need to create an OTL Report

After you have successfully burned the OTLPE ISO to disc you will need to transfer the disc to the CD drive of your sick computer and boot from it.
  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-ROM drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
    • Your PC should now boot from your CD.
    • Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • Please be patient as "Windows" loads
  • Your system should now display a REATOGO-X-PE desktop.
  • Double click on the icon on your desktop.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
    • Copy and Paste the following code into the textbox. Do not include the word "Code"

      Please note: Double click the Firefox Icon on the desktop to connect to this thread if you have a Wired connection otherwise you can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.


      CODE
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %ALLUSERSPROFILE%\Application Data\*.
      %ALLUSERSPROFILE%\Application Data\*.exe /s
      %APPDATA%\*.
      %APPDATA%\*.exe /s
      %SYSTEMDRIVE%\*.exe
      /md5start
      serial.sys
      userinit.exe
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      CREATERESTOREPOINT
    • Push
    • When finished, the file will be saved in drive C:\OTL.txt
    • Please post the contents of the C:\OTL.txt file in your next reply.
    • Copy this file to your USB drive if you do not have an internet connection.


==========

Please next do this.............
  • Click on Start, then Run.
  • Copy and Paste the green bold text below in to the Run Box:

cmd /c dir /a /s C:\QooBox >log.txt&start log.txt

  • Then click on OK.
  • A Text File will open up, please Copy and Paste the contents in your next reply.


#5 BolivianFuego

BolivianFuego
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 26 April 2010 - 06:41 PM

What do you mean reboot?

I stepped away from my computer while I let it scan after being successful with the recovery console.

I let it scan for malware, and when I came back after about 15 mins, my computer had that blue screen. I turned it off, and turned it back on, and it started like normal. Is that what you mean? Because it booted up like normal after that.


#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:35 PM

Posted 26 April 2010 - 08:37 PM

Excellent!!

So you are able to boot normally! I was under the impression that your computer would not run.

Please do this....

I need to see the log created from the Combofix run.

You will find the ComboFix.txt in one of 2 locations.

C:\QooBox\Combofix.txt

-or-

C:\Combofix.txt


Copy and paste the log in your next reply for my review.

Thanks,
~ t


#7 BolivianFuego

BolivianFuego
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 26 April 2010 - 09:38 PM

Checked both locations..... it's not there! What does that mean??

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:35 PM

Posted 26 April 2010 - 09:46 PM

Might mean that Combofix did not run all the way through.

Do this please......

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"


    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    serial.sys
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks,
~ t


#9 BolivianFuego

BolivianFuego
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 26 April 2010 - 10:54 PM

I just tried to send the text in a reply, but I think it's too much because it won't let me submit it.

Should I upload the .txt files?

Edited by BolivianFuego, 26 April 2010 - 10:56 PM.


#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:35 PM

Posted 27 April 2010 - 06:42 AM

You can either upload it or copy and paste it over several posts.

#11 BolivianFuego

BolivianFuego
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 27 April 2010 - 09:41 AM

OTL File.



Extras File.




#12 BolivianFuego

BolivianFuego
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 27 April 2010 - 09:46 AM

Also let me add, after doing that scan, all hidden files are showing now. Why is this?

#13 BolivianFuego

BolivianFuego
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 27 April 2010 - 12:03 PM

Ok nevermind. I restarted my computer and all the 'ghost' looking files went back to hidden I assume.

#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:35 PM

Posted 27 April 2010 - 03:09 PM

See the next post for instructions.

Thanks,
~ t

==========

OTL logfile created on: 4/26/2010 10:58:12 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Da' Man\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 3.13 Gb Free Space | 2.80% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 40.87 Gb Free Space | 8.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREW
Current User Name: Da' Man
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/26 22:56:26 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Da' Man\Desktop\OTL.exe
PRC - [2010/03/22 16:14:59 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/01/13 18:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
PRC - [2010/01/13 11:42:06 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/06/16 18:02:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (SafeList) ==========

MOD - [2010/04/26 22:56:26 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Da' Man\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/09/12 15:18:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2003/06/16 18:02:24 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/11/18 23:00:47 | 000,458,752 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2008/11/18 23:00:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wnsdrvr.sys -- (WnsDrvr)
DRV - [2008/07/07 03:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-1214440339-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
IE - HKU\S-1-5-21-746137067-1214440339-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://k20a.org/forum/
IE - HKU\S-1-5-21-746137067-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/23 14:42:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/22 16:20:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1214440339-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-1214440339-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-746137067-1214440339-682003330-1004\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1214440339-682003330-1004\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1214440339-682003330-1004\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1219711304117 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1219721579890 (MUWebControl Class)
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} http://dl.uc.sina.com/cab/downloader.cab (DLoader Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://67.154.21.186:8002/bl_camera.cab (BL_Camera)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/dsl_settings/...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.99.1 71.252.0.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Da' Man\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Da' Man\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/25 20:04:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bb5ac463-c9a3-11de-87dd-0018010e3d1a}\Shell\AutoRun\command - "" = I:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{bb5ac463-c9a3-11de-87dd-0018010e3d1a}\Shell\Setup FlipShare\command - "" = I:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/25 20:17:40 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - File not found
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - File not found
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {641A15FC-95C6-298A-2743-2B54A56B1639} - Browser Customizations
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {739FC614-D7DE-B999-8603-D9B42FBBE3BF} - Internet Explorer
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (11272609819787264)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Da' Man\Desktop\thcbytes.exe
[2010/04/26 22:55:56 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Da' Man\Desktop\OTL.exe
[2010/04/26 18:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\New Folder (2)
[2010/04/26 16:18:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/26 16:15:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/26 16:15:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/26 16:15:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/26 16:15:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/26 16:15:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/26 16:15:33 | 000,000,000 | --SD | C] -- C:\thcbytes
[2010/04/26 16:14:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/24 14:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Hell Rell - Bullpen Therapy
[2010/04/24 03:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/23 12:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/23 12:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/22 22:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Gucci_Mane-The_Burrrprint_2_HD-2010-CR
[2010/04/22 22:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/22 22:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/19 22:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Max B & Mak Mustard - Dopeman (Public Domain 6.5)-2010
[2010/04/15 16:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Ashley Dupree - Playboy Pics
[2010/04/15 16:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Kelly Bensimon Playboy
[2010/04/15 16:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Tara Reid - Playboy
[2010/04/15 11:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\New Folder
[2010/04/14 18:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Cut Copy - In Ghost Colours
[2010/04/13 15:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Cut Copy - Bright Like Neon Love
[2010/04/13 12:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Shiny Toy Guns - Girls Le Disko (2009) DHZ Inc Release
[2010/04/12 22:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\shiny toy guns - Season of Poison
[2010/04/12 21:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Shiny Toy Guns - We Are Pilots
[2010/04/12 19:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Application Data\U3
[2010/04/12 14:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Shiest_Bubz-Presents_Candyland_(Hosted_By_Big_Mike)
[2010/04/10 12:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\House Mix 2010 - April
[2010/04/10 11:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/10 11:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/04/09 11:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Dj Delz-Strictly For The Streets Volume one
[2010/04/08 18:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Ganging Up On The Sun
[2010/04/06 15:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\G35 - April 6th 2010
[2010/04/01 19:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\VA-Dame_Dash_Presents_Paid_In_Full_Soundtrack-2CD-2002-MVR
[2010/03/31 21:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Usher-Raymond_V_Raymond-2010-CR
[2010/03/31 20:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Da' Man\Desktop\Camron - Confessions of Fire (1998)
[2010/03/30 15:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/03/30 13:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/30 13:04:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 13:04:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 13:04:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/26 22:57:32 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1214440339-682003330-1004.job
[2010/04/26 22:57:31 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1214440339-682003330-1004.job
[2010/04/26 22:56:26 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Da' Man\Desktop\OTL.exe
[2010/04/26 19:58:50 | 000,220,160 | ---- | M] () -- C:\Documents and Settings\Da' Man\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/26 17:25:05 | 000,222,881 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\IMG_9848.JPG
[2010/04/26 17:02:45 | 000,026,939 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/04/26 17:01:54 | 000,190,661 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/26 17:01:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/26 17:01:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/26 16:18:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/25 15:51:10 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\tuwxvpww.exe
[2010/04/24 17:14:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/24 14:20:32 | 004,909,545 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\N.E.R.D - Hot N' Fun (feat. Nelly Furtado).mp3
[2010/04/24 11:02:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/24 10:58:44 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Da' Man\ntuser.ini
[2010/04/24 10:50:37 | 005,361,484 | -H-- | M] () -- C:\Documents and Settings\Da' Man\Local Settings\Application Data\IconCache.db
[2010/04/23 16:40:17 | 000,011,905 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\Thanks to Umbro Boy.docx
[2010/04/23 14:16:23 | 000,135,295 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\Big Soccer Virus.jpg
[2010/04/23 12:53:54 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/22 22:30:31 | 011,370,057 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\(5) Groove Cutter - My Shooter.mp3
[2010/04/22 22:23:05 | 000,001,136 | -HS- | M] () -- C:\Documents and Settings\Da' Man\Local Settings\Application Data\Mi715R2
[2010/04/22 22:23:05 | 000,001,136 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\Mi715R2
[2010/04/22 22:22:49 | 000,223,232 | -HS- | M] () -- C:\Documents and Settings\Da' Man\Local Settings\Application Data\MSASCui.exe
[2010/04/21 11:46:57 | 005,344,038 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\MLS OF - Edit Data 1.2.rar
[2010/04/17 13:48:02 | 008,839,168 | ---- | M] () -- C:\Documents and Settings\Da' Man\ntuser.dat
[2010/04/15 19:23:04 | 015,929,344 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\Benny Benassi vs Public Enemy - Bring The Noise (Pump-kin RMX).mp3
[2010/04/15 01:27:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/04/15 00:47:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 11:30:27 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Da' Man\My Documents\Aris Mania Username password.doc
[2010/04/12 22:28:41 | 000,123,563 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\Moreno Goal.jpg
[2010/04/12 22:25:04 | 000,126,949 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\Moreno GOT 'EM.jpg
[2010/04/12 20:30:12 | 008,989,305 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\PES 2010 MLS OF - 1.1.rar
[2010/04/10 21:55:20 | 008,762,523 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\Lynyrd Skynrd - Freebird.mp3
[2010/04/10 21:55:14 | 000,013,113 | -HS- | M] () -- C:\Documents and Settings\Da' Man\Desktop\AlbumArt_{4E590040-B31B-41DB-97FD-8A0103151746}_Large.jpg
[2010/04/10 21:55:11 | 000,002,978 | -HS- | M] () -- C:\Documents and Settings\Da' Man\Desktop\AlbumArt_{4E590040-B31B-41DB-97FD-8A0103151746}_Small.jpg
[2010/04/08 22:27:29 | 004,503,172 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\11.Max__B_Feat._Bomshot-Ever_see_The_Streets_Again.mp3
[2010/04/08 22:24:01 | 004,235,199 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\Cam'ron - Sorry BOSS OF ALL BOSSES 2.5.mp3
[2010/04/01 21:24:47 | 000,388,628 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\CC_dads_first.jpg
[2010/04/01 01:00:10 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/03/30 13:24:00 | 000,312,700 | ---- | M] () -- C:\Documents and Settings\Da' Man\Desktop\oscars-girlfriend.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/27 06:15:10 | 000,222,881 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\IMG_9848.JPG
[2010/04/26 16:18:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/26 16:18:20 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/26 16:15:59 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/26 16:15:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/26 16:15:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/26 16:15:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/26 16:15:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/25 15:51:08 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\tuwxvpww.exe
[2010/04/24 14:20:24 | 004,909,545 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\N.E.R.D - Hot N' Fun (feat. Nelly Furtado).mp3
[2010/04/23 14:16:21 | 000,135,295 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\Big Soccer Virus.jpg
[2010/04/23 12:53:54 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/23 12:52:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/22 22:30:18 | 011,370,057 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\(5) Groove Cutter - My Shooter.mp3
[2010/04/22 22:23:05 | 000,001,136 | -HS- | C] () -- C:\Documents and Settings\Da' Man\Local Settings\Application Data\Mi715R2
[2010/04/22 22:23:05 | 000,001,136 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Mi715R2
[2010/04/22 22:22:49 | 000,223,232 | -HS- | C] () -- C:\Documents and Settings\Da' Man\Local Settings\Application Data\MSASCui.exe
[2010/04/21 11:46:52 | 005,344,038 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\MLS OF - Edit Data 1.2.rar
[2010/04/17 13:48:02 | 008,839,168 | ---- | C] () -- C:\Documents and Settings\Da' Man\ntuser.dat
[2010/04/15 19:22:59 | 015,929,344 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\Benny Benassi vs Public Enemy - Bring The Noise (Pump-kin RMX).mp3
[2010/04/13 11:30:26 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Da' Man\My Documents\Aris Mania Username password.doc
[2010/04/12 22:28:40 | 000,123,563 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\Moreno Goal.jpg
[2010/04/12 22:25:03 | 000,126,949 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\Moreno GOT 'EM.jpg
[2010/04/12 20:29:22 | 008,989,305 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\PES 2010 MLS OF - 1.1.rar
[2010/04/10 21:55:14 | 000,013,113 | -HS- | C] () -- C:\Documents and Settings\Da' Man\Desktop\AlbumArt_{4E590040-B31B-41DB-97FD-8A0103151746}_Large.jpg
[2010/04/10 21:55:14 | 000,002,978 | -HS- | C] () -- C:\Documents and Settings\Da' Man\Desktop\AlbumArt_{4E590040-B31B-41DB-97FD-8A0103151746}_Small.jpg
[2010/04/08 22:27:27 | 004,503,172 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\11.Max__B_Feat._Bomshot-Ever_see_The_Streets_Again.mp3
[2010/04/08 22:23:57 | 004,235,199 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\Cam'ron - Sorry BOSS OF ALL BOSSES 2.5.mp3
[2010/04/01 21:25:39 | 000,388,628 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\CC_dads_first.jpg
[2010/03/30 13:21:27 | 000,312,700 | ---- | C] () -- C:\Documents and Settings\Da' Man\Desktop\oscars-girlfriend.jpg
[2009/11/18 20:29:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/03/31 14:36:50 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\Chip.dll
[2008/11/18 23:00:42 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\ROBOEX32.DLL
[2008/11/18 23:00:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\EFSComm.dll
[2008/08/25 20:58:40 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/25 20:31:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002/11/14 12:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 12:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 12:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/11/14 12:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/11/14 12:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

========== LOP Check ==========

[2008/09/01 20:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/03/30 15:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/09/25 16:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/08/25 21:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/02 13:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/10/01 14:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Aim
[2010/04/26 23:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Azureus
[2009/02/22 15:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\DeepBurner
[2009/11/17 20:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Megaupload
[2008/11/19 00:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Publish Providers
[2009/03/04 23:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Red Kawa
[2008/12/28 00:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Research In Motion
[2008/09/25 16:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\River Past G5
[2008/11/19 00:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Sony
[2009/04/10 20:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Viewpoint
[2009/05/25 18:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/04/15 01:27:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/04/01 01:00:10 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2010/01/26 17:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/08/26 13:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2008/08/31 19:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/10/26 20:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/09/21 23:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2008/09/01 20:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/09/12 15:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/10/12 23:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/09/14 19:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/04/10 12:17:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/04/15 00:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/12/31 14:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2008/08/26 22:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/12/01 17:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/04/01 00:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/30 15:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/09/25 16:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/10/15 03:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2010/03/30 13:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/07/16 16:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2008/08/25 21:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/08/25 21:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/02/02 13:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 15:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
[2010/02/02 13:31:24 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
[2008/08/26 13:54:18 | 001,145,896 | ---- | M] (Google) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_401601_signed.exe
[2008/08/26 13:50:39 | 000,075,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\sgc15.exe

< %APPDATA%\*. >
[2008/10/11 20:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\AccurateRip
[2009/09/12 15:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Adobe
[2008/10/01 14:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Aim
[2010/02/02 16:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Apple Computer
[2009/09/21 23:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\AVS4YOU
[2010/04/26 23:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Azureus
[2009/02/22 15:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\DeepBurner
[2008/08/26 13:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\DivX
[2009/09/27 19:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\dvdcss
[2009/04/16 09:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Help
[2008/08/25 20:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Identities
[2008/08/25 21:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Macromedia
[2008/08/26 01:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\McAfee
[2009/11/17 20:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Megaupload
[2008/11/18 23:38:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Da' Man\Application Data\Microsoft
[2009/07/16 16:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Motive
[2010/04/10 12:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Move Networks
[2008/11/19 00:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Publish Providers
[2010/03/22 16:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Real
[2009/03/04 23:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Red Kawa
[2008/12/28 00:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Research In Motion
[2008/09/25 16:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\River Past G5
[2008/11/19 00:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Sony
[2008/12/17 10:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Sun
[2010/04/12 19:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\U3
[2009/07/16 16:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Verizon
[2009/04/10 20:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Viewpoint
[2008/09/01 11:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\vlc
[2009/09/05 14:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\Winamp
[2008/08/26 15:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Da' Man\Application Data\WinRAR

< %APPDATA%\*.exe /s >
[2009/02/23 23:03:06 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Da' Man\Application Data\Microsoft\Installer\{195CE695-1592-492A-A2FE-32757010CF3F}\BlackBerry.exe
[2008/11/18 23:38:11 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Da' Man\Application Data\Microsoft\Installer\{8BC826C5-DFBF-4E3E-AF23-3A88F8BE6AC9}\ARPPRODUCTICON.exe
[2008/12/28 18:52:40 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Da' Man\Application Data\Microsoft\Installer\{9C297F7B-468C-4FD1-9093-25B623BDB0D1}\BlackBerry.exe
[2009/10/26 13:24:13 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Da' Man\Application Data\Microsoft\Installer\{EE031CEC-748D-429A-9A5C-8C53CD193335}\ARPPRODUCTICON.exe
[2009/06/16 02:35:42 | 000,097,144 | ---- | M] () -- C:\Documents and Settings\Da' Man\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/08/25 21:53:42 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/25 23:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/25 21:53:42 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/25 23:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 16:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/08/25 21:53:42 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/25 23:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/25 21:53:42 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/25 23:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/07/16 16:24:25 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERIAL.SYS >
[2003/07/16 16:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:serial.sys
[2008/08/25 21:53:42 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:serial.sys
[2008/08/25 23:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:serial.sys
[2008/08/25 21:53:42 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:serial.sys
[2008/08/25 23:55:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:serial.sys
[2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\WINDOWS\ServicePackFiles\i386\serial.sys
[2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\WINDOWS\system32\drivers\serial.sys
[2004/08/04 02:15:52 | 000,064,896 | ---- | M] (Microsoft Corporation) MD5=CD9404D115A00D249F70A371B46D5A26 -- C:\WINDOWS\$NtServicePackUninstall$\serial.sys

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2008/06/19 05:13:01 | 000,104,064 | R--- | M] (VIA Technologies inc,.ltd) MD5=85E9421C8A99D1291B43B9B59A669AC3 -- C:\WINDOWS\system32\drivers\viamraid.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/08/25 15:53:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/25 15:53:11 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/25 15:53:11 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

==========

OTL Extras logfile created on: 4/26/2010 10:58:12 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Da' Man\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 3.13 Gb Free Space | 2.80% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 40.87 Gb Free Space | 8.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREW
Current User Name: Da' Man
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\system32\curiki.dll" = %windir%\system32\curiki.dll:*:Enabled:curiki.dll -- File not found
"%windir%\system32\ltmbm16.ocx" = %windir%\system32\ltmbm16.ocx:*:Enabled:ltmbm16.ocx -- (Tv-U Net Plugin)
"%windir%\system32\TV_View_Plugin_4.7.ocx" = %windir%\system32\TV_View_Plugin_4.7.ocx:*:Enabled:TV_View_Plugin_4.7.ocx -- (TV View Net Plugin)
"C:\Program Files\sina\SAP\SAPlatform.exe" = C:\Program Files\sina\SAP\SAPlatform.exe:*:Enabled:SAPlatform.exe -- (北京新浪网络技术服务有限公司)
"C:\Program Files\River Past\Video Cleaner\VideoCleaner.exe" = C:\Program Files\River Past\Video Cleaner\VideoCleaner.exe:*:Enabled:River Past Video Cleaner -- File not found
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (SM) -- (America Online, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Documents and Settings\Da' Man\Desktop\PortChkPES2010USPS3.exe" = C:\Documents and Settings\Da' Man\Desktop\PortChkPES2010USPS3.exe:*:Enabled:Port Checker -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{141F2872-D2F9-4A89-95D3-E222D1CBCC56}" = Vz In Home Agent
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{195CE695-1592-492A-A2FE-32757010CF3F}" = BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25AF0BD1-DF07-4447-8E91-28E99617C556}" = DeadAIM
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 19
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48EB9208-593D-4DC7-B613-9C5A210D87BA}" = Sony Sound Forge 8.0b
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BC826C5-DFBF-4E3E-AF23-3A88F8BE6AC9}" = LG Download VX8500 DLL
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9C297F7B-468C-4FD1-9093-25B623BDB0D1}" = BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE031CEC-748D-429A-9A5C-8C53CD193335}" = BlackBerry Device Software Updater
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F91819EA-B57E-11D4-8BA4-00105A75EEEB}" = LGDownload
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 0.9.12
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"AOL Instant Messenger (SM)" = AOL Instant Messenger (SM)
"AviSynth" = AviSynth 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy Video Joiner_is1" = Easy Video Joiner 5.21
"ENTERPRISE" = Microsoft Office Enterprise 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LG USB Drivers" = LG USB Drivers
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.2.1 build 8
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 12.0" = RealPlayer
"Sina Web TV" = Sina Web TV
"SopCast" = SopCast 2.0.4
"Soulseek" = SoulSeek Client 156c
"TV View Plugin 4.7 Setup" = TV View Plugin 4.7 Setup
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"Videora iPod Converter" = Videora iPod Converter 4.06
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-1214440339-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/16/2009 2:07:37 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:10:37 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:10:37 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:13:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/16/2009 2:13:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:16:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:16:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:19:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:19:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:22:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ Application Events ]
Error - 7/16/2009 2:07:37 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:10:37 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:10:37 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:13:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/16/2009 2:13:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:16:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:16:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:19:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:19:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/16/2009 2:22:52 PM | Computer Name = ANDREW | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 4/25/2010 6:33:15 PM | Computer Name = ANDREW | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/25/2010 6:33:15 PM | Computer Name = ANDREW | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/25/2010 6:33:36 PM | Computer Name = ANDREW | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/25/2010 6:33:36 PM | Computer Name = ANDREW | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/25/2010 6:41:14 PM | Computer Name = ANDREW | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/25/2010 6:41:14 PM | Computer Name = ANDREW | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/26/2010 5:02:00 PM | Computer Name = ANDREW | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/26/2010 5:02:00 PM | Computer Name = ANDREW | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/26/2010 11:10:22 PM | Computer Name = ANDREW | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 4/26/2010 11:10:22 PM | Computer Name = ANDREW | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >

Edited by thcbytes, 27 April 2010 - 03:25 PM.

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:35 PM

Posted 27 April 2010 - 03:23 PM

Hello

1st. Please note.....

P2P Warning

Your log indicates that you have Vuze/Azureus installed.

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall Vuze/Azureus; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


==========

Please do this..........

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    File not found -- C:\Documents and Settings\Da' Man\Desktop\thcbytes.exe
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    :Files
    C:\WINDOWS\Driver Cache\i386\sp1.cab:serial.sys /e
    C:\WINDOWS\system32\drivers\serial.sys|c:\serial.sys /replace

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

==========

Re-run Gmer and post a log!

==========

With your next post please provide:

* OTL fix log
* MBAM log
* ESET log
* Gmer log
* How is your computer running now? What problems persist?

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

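An added example, not part of thcbytes' post and not OTL's own code: the fix above restores serial.sys from the driver cache (the sp1.cab extract and /replace lines) and resets the hosts file ([resethosts]). A responder normally confirms both afterwards, and the Python below shows the two checks: hash the installed driver against the reference copy, and list every hosts entry that is not one of the stock localhost lines, which is exactly what a search-redirecting or update-blocking hosts file would contain. All file paths, the driver bytes and the sample hosts text are constructed for the demonstration; `example-av.test` and the 203.0.113.0/24 address are placeholders, and the check generalises beyond serial.sys to any driver you hold a known-good copy of.

```python
"""Post-fix verification helpers (added example, not from the thread or OTL).

After the OTL fix above runs, a responder wants two answers:
  1. Is the installed driver now byte-identical to the reference copy?
  2. Does the hosts file contain anything beyond the stock localhost lines?
Every path and sample value in this file is constructed for the demo.
"""
import hashlib
import os
import tempfile
from ipaddress import ip_address


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def driver_matches_cache(live_path, cached_path):
    """True when the installed driver equals the driver-cache copy."""
    return sha256_of(live_path) == sha256_of(cached_path)


def suspicious_hosts_entries(hosts_text):
    """Return (address, hostname) pairs that are not the stock localhost lines.

    A clean hosts file maps only 'localhost' to a loopback address. Entries
    that send a search engine elsewhere, or pin a security vendor to
    127.0.0.1 so its updates fail, are what [resethosts] is there to remove.
    """
    flagged = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an address; skip
        for name in fields[1:]:
            if not (addr.is_loopback and name.lower() == "localhost"):
                flagged.append((str(addr), name))
    return flagged


# Constructed sample hosts file (not the poster's). 203.0.113.0/24 is a
# documentation range and example-av.test is a placeholder vendor name.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.test    # vendor update site blackholed
203.0.113.7     www.google.com            # searches sent elsewhere
"""


def demo():
    """Run both checks on throwaway files; returns (driver_ok, flagged_hosts)."""
    with tempfile.TemporaryDirectory() as tmp:
        cached = os.path.join(tmp, "serial.sys.from_cab")  # stands in for the sp1.cab copy
        live = os.path.join(tmp, "serial.sys")             # stands in for the installed driver
        reference = b"MZ" + bytes(range(256)) * 4          # constructed stand-in for a driver image
        with open(cached, "wb") as fh:
            fh.write(reference)
        with open(live, "wb") as fh:
            fh.write(reference + b"\x90" * 32)             # constructed: tampered tail
        driver_ok = driver_matches_cache(live, cached)
    return driver_ok, suspicious_hosts_entries(SAMPLE_HOSTS)


if __name__ == "__main__":
    ok, flagged = demo()
    print("driver matches cache:", ok)
    for addr, name in flagged:
        print(f"hosts entry to review: {addr} -> {name}")
```

On a real machine you would point `driver_matches_cache` at `C:\WINDOWS\system32\drivers\serial.sys` and at the copy extracted from the driver cache, and feed `suspicious_hosts_entries` the contents of `C:\WINDOWS\system32\drivers\etc\hosts`; a mismatch before the fix and a match after it is the evidence that the replacement took, and an empty flagged list confirms the hosts reset.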


