
my hijack logs


  • This topic is locked
8 replies to this topic

#1 morfia


Posted 12 May 2010 - 01:55 PM

I recently got a USB virus that spread through all my computers, and my data is being compromised by hackers.

I installed more than one anti-virus; I just want to confirm that the virus is gone, as new viruses have less chance of getting detected by my anti-virus.



OTL logfile created on: 5/12/2010 10:25:22 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\test\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 443.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 66.38 Gb Free Space | 89.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST-20BFE89AFD
Current User Name: test
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/12 10:17:15 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/08 17:04:56 | 003,021,208 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2010/03/24 18:48:10 | 000,323,992 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010/02/03 21:16:40 | 001,179,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2010/01/05 18:04:02 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/01/05 18:04:02 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/07/03 04:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 10:17:15 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe
MOD - [2010/01/14 16:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
MOD - [2008/04/14 05:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (mnmsrvc)
SRV - [2010/05/10 05:15:09 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/05/07 18:19:06 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/24 18:48:10 | 000,323,992 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010/01/05 18:04:02 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/01/05 18:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/01/05 18:04:02 | 000,141,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2009/12/30 18:13:18 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/01/14 16:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/14 16:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/01/14 16:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/05 18:04:02 | 000,312,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/01/05 18:04:02 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/05 18:04:02 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/01/05 18:04:02 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/01/05 18:04:02 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/05 18:04:02 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/01/05 18:04:02 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/01/05 18:04:02 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/01/05 17:04:02 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/05 17:04:02 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:24:38 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2007/07/25 16:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/05/02 11:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/10/14 20:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/05/09 15:43:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/10 05:23:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/06 15:05:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/05/06 10:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Mozilla\Extensions
[2010/05/07 08:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\6fooblzy.default\extensions
[2010/05/06 10:21:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/05 18:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

O1 HOSTS File: ([2010/05/12 10:21:20 | 000,392,702 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13564 more lines...
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100510052343.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/10 15:38:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: EventSystem - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/04/10 08:04:29 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: winmgmt - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/05/12 10:17:12 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe
[2010/05/12 10:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Malwarebytes
[2010/05/12 05:11:48 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/05/12 05:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/05/12 05:11:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010/05/12 05:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/12 04:57:21 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/05/10 05:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/05/10 05:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/05/10 05:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Local Settings\Application Data\Citrix
[2010/05/09 15:34:54 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/05/09 15:34:48 | 000,312,584 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/05/09 15:34:48 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/05/09 15:34:48 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/05/09 15:34:48 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/05/09 15:34:48 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/05/09 15:34:48 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/05/09 15:34:47 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/05/09 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/05/09 15:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/05/09 15:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/05/09 15:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/05/07 18:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/05/07 18:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/05/07 08:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\My Documents\Downloads
[2010/05/06 16:46:11 | 034,596,344 | ---- | C] (PC Tools ) -- C:\Documents and Settings\test\Desktop\7.0.0.538f-sdasetup.exe
[2010/05/06 16:40:03 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/05/06 16:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\test
[2010/05/06 16:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/05/06 10:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Local Settings\Application Data\Mozilla
[2010/05/06 10:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\Mozilla
[2010/05/06 10:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/06 07:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2010/05/06 07:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2010/05/06 06:16:01 | 000,059,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/05/06 06:16:00 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/05/06 06:16:00 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/05/06 06:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2010/05/05 10:21:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\test\Recent
[2010/05/05 08:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\k
[2010/05/03 21:16:51 | 000,188,416 | ---- | C] (brother) -- C:\WINDOWS\System32\Pdrvinst.dll
[2010/05/03 21:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2010/05/03 21:16:45 | 000,081,920 | ---- | C] (brother) -- C:\WINDOWS\System32\BrWebIns.dll
[2010/05/03 21:16:44 | 000,065,536 | ---- | C] (brother) -- C:\WINDOWS\System32\BRWEBUP.EXE
[2010/05/03 21:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2010/05/03 21:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2010/05/03 21:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/05/03 21:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2010/05/02 21:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/04/30 05:36:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/04/27 17:42:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/27 10:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/23 09:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/23 09:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/23 09:27:09 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\test\Desktop\spybotsd162.exe
[2010/04/22 13:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Local Settings\Application Data\ESET
[2010/04/22 13:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/04/22 13:24:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/22 09:10:19 | 000,611,624 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\test\Desktop\GetSystemInfo.exe
[2010/04/20 15:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Local Settings\Application Data\GlobalSCAPE
[2010/04/20 15:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\GlobalSCAPE
[2010/04/20 15:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/04/20 15:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\GlobalSCAPE
[2010/04/19 11:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Local Settings\Application Data\ATI
[2010/04/19 11:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\ATI
[2010/04/19 11:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/04/19 10:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/04/19 10:51:00 | 000,000,000 | ---D | C] -- C:\DRIVERS
[2010/04/18 19:09:43 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/04/18 07:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/18 07:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/04/18 07:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/18 06:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/04/18 06:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/18 06:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Local Settings\Application Data\Adobe
[2010/04/18 06:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/04/16 15:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\Malwarebytes
[2010/04/16 15:48:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/16 15:48:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/16 15:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/16 15:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/16 09:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\The_Cover_All_Stars-Instrumental_Tribute_To_Lady_GaGa-2010-VAG
[2010/04/15 08:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\Prince [2010] - Tamil Version - TamilGears.Com
[2010/04/15 04:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Local Settings\Application Data\Threat Expert
[2010/04/15 04:41:47 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/04/15 04:41:45 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/04/15 04:41:45 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/04/15 04:37:05 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/04/15 04:36:51 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/04/15 04:36:51 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/04/15 04:36:36 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/15 04:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/15 04:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/15 04:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\PC Tools
[2010/04/15 04:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/15 04:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/13 17:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\fave dancehall
[2010/04/13 16:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\VA-Best_Of_Ragga_Dancehall-2CD-2007-H5N1
[2010/04/13 15:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\Reggae.Dancehall.Singles.Part.2.[2010]
[2010/04/13 06:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Local Settings\Application Data\Identities
[2010/04/12 07:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Tracing
[2010/04/12 07:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/12 07:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/04/12 07:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/04/12 07:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/04/11 20:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/11 10:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Local Settings\Application Data\WMTools Downloaded Files
[2010/04/11 10:54:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/11 08:46:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/11 07:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\Jay Sean - All Or Nothing [www.worldwidedesis.com]
[2010/04/11 07:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\tune
[2010/04/11 05:38:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/11 05:29:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\Desktop\Sean_Paul-Dutty_Rock-CD-2002-JAH
[2010/04/10 17:28:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\My Documents\My Videos
[2010/04/10 17:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\Design Studio Inc - Reggaeton Volume 2
[2010/04/10 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\WinRAR
[2010/04/10 17:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\My Documents\My Recordings
[2010/04/10 17:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\Acoustica
[2010/04/10 17:23:41 | 000,057,344 | ---- | C] (NexiTech, Inc.) -- C:\WINDOWS\System32\Wnaspint.dll
[2010/04/10 17:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Spin It Again
[2010/04/10 17:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Shared Effects
[2010/04/10 17:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\VST
[2010/04/10 17:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Mixcraft 5
[2010/04/10 17:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2010/04/10 17:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/04/10 17:13:47 | 001,285,632 | ---- | C] (Analog Devices) -- C:\WINDOWS\System32\SMMedia.dll
[2010/04/10 17:13:47 | 000,030,208 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\wdmioctl.dll
[2010/04/10 17:13:45 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2010/04/10 17:13:45 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2010/04/10 17:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/04/10 17:13:44 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/04/10 17:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/10 16:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\Macromedia
[2010/04/10 16:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\Adobe
[2010/04/10 16:55:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/04/10 16:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/04/10 16:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\WLANINT2
[2010/04/10 16:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\ETHERNET
[2010/04/10 16:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop\AUDIO
[2010/04/10 16:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\Identities
[2010/04/10 16:16:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\My Documents\My Pictures
[2010/04/10 16:16:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\My Documents\My Music
[2010/04/10 16:16:12 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/04/10 16:16:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\test\Local Settings\Application Data\Microsoft
[2010/04/10 16:16:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\test\Application Data\Microsoft
[2010/04/10 16:16:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\test\Application Data
[2010/04/10 16:16:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\My Documents
[2010/04/10 16:16:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\Favorites
[2010/04/10 16:16:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\test\Cookies
[2010/04/10 16:16:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\test\NetHood
[2010/04/10 16:16:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\test\Local Settings
[2010/04/10 16:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop
[2010/04/10 16:15:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\test\SendTo
[2010/04/10 16:15:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\Start Menu
[2010/04/10 16:15:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\test\Templates
[2010/04/10 16:15:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\test\PrintHood
[2010/04/10 16:15:57 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/04/10 16:13:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/10 16:13:40 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/04/10 16:13:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/10 16:13:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/10 15:44:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/10 15:44:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/10 15:38:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/04/10 15:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/04/10 15:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/04/10 15:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/04/10 15:37:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/04/10 15:37:01 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/04/10 15:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/04/10 15:36:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/04/10 15:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/04/10 15:36:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/04/10 15:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/10 15:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/04/10 15:35:43 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/04/10 15:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/04/10 15:35:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/04/10 15:35:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/04/10 15:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/04/10 15:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/04/10 15:34:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/04/10 15:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/04/10 15:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/04/10 15:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/04/10 15:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/04/10 15:34:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/04/10 15:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/04/10 15:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/04/10 15:17:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/04/10 15:17:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/04/10 15:17:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/04/10 08:11:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/04/10 08:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/04/10 08:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/04/10 08:10:46 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/04/10 08:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/04/10 08:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/04/10 08:10:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/04/10 08:10:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/04/10 08:10:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/04/10 08:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/04/10 08:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/04/10 08:10:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/04/10 08:10:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/04/10 08:09:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/04/10 08:09:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/04/10 08:09:34 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/10 08:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/04/10 08:03:20 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/04/10 08:03:20 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/04/10 08:03:20 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/04/10 08:03:20 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/04/10 08:03:20 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/04/10 08:03:20 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\inf
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRM
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/04/10 08:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/12 10:21:54 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/05/12 10:21:20 | 000,392,702 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/12 10:21:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/12 10:21:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/12 10:20:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\test\ntuser.ini
[2010/05/12 10:20:21 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\test\NTUSER.DAT
[2010/05/12 10:20:19 | 002,656,656 | -H-- | M] () -- C:\Documents and Settings\test\Local Settings\Application Data\IconCache.db
[2010/05/12 10:17:15 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe
[2010/05/12 05:11:52 | 000,001,971 | ---- | M] () -- C:\Documents and Settings\test\Desktop\SpyHunter.lnk
[2010/05/12 05:09:29 | 001,074,232 | ---- | M] () -- C:\Documents and Settings\test\Desktop\RootkitBuster_2.80.1077.zip
[2010/05/12 04:57:21 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/05/12 04:44:54 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\test\Desktop\HiJackThis.lnk
[2010/05/10 11:02:23 | 000,000,109 | ---- | M] () -- C:\Documents and Settings\test\Desktop\NoAutoRun.reg
[2010/05/10 08:50:09 | 000,000,539 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/10 08:50:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/10 08:50:09 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/05/09 15:47:47 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\test\Desktop\McAfee AntiVirus Plus.lnk
[2010/05/09 09:26:29 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Spybot - Search & Destroy.lnk
[2010/05/06 16:46:16 | 034,596,344 | ---- | M] (PC Tools ) -- C:\Documents and Settings\test\Desktop\7.0.0.538f-sdasetup.exe
[2010/05/06 10:21:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/06 10:21:08 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/06 07:17:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\test\del
[2010/05/06 07:08:33 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2010/05/06 06:51:28 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\test\Desktop\untitled.bmp
[2010/05/06 06:16:02 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[2010/05/05 08:53:23 | 000,680,256 | ---- | M] () -- C:\Documents and Settings\test\Desktop\[Eprouvez]'s_Keylogging_Tutorial.rar
[2010/05/05 08:35:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/04 07:42:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/03 21:21:10 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/05/03 21:21:10 | 000,000,034 | ---- | M] () -- C:\WINDOWS\System32\BD7020.DAT
[2010/05/03 21:17:18 | 000,000,000 | ---- | M] () -- C:\Program Files\error.dat
[2010/04/30 06:53:33 | 001,056,313 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Botnet_Tutorial.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 08:43:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/23 09:58:47 | 000,392,702 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100423-100013.backup
[2010/04/23 09:30:09 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Spybot - Search & Destroy (for blind users).lnk
[2010/04/23 09:27:20 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\test\Desktop\spybotsd162.exe
[2010/04/22 09:10:27 | 000,611,624 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\test\Desktop\GetSystemInfo.exe
[2010/04/18 19:12:03 | 000,376,958 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/18 19:12:03 | 000,371,946 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/18 19:12:03 | 000,052,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/18 07:00:17 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/04/16 15:48:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/16 09:42:22 | 045,169,122 | ---- | M] () -- C:\Documents and Settings\test\Desktop\The_Cover_All_Stars-Instrumental_Tribute_To_Lady_GaGa-2010-VAG.rar
[2010/04/15 08:29:43 | 066,808,429 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Prince_[2010]_-_Tamil_Version_-_TamilGears.Com.rar
[2010/04/15 04:36:43 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/13 16:32:19 | 040,138,164 | ---- | M] () -- C:\Documents and Settings\test\Desktop\VA-Best_Of_Ragga_Dancehall-2CD-2007-H5N1.part2.rar
[2010/04/13 16:21:56 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\test\Desktop\VA-Best_Of_Ragga_Dancehall-2CD-2007-H5N1.part1.rar
[2010/04/13 14:27:06 | 199,229,440 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Reggae.Dancehall.Singles.Part.2._2010_.part1.rar
[2010/04/13 04:50:11 | 006,198,411 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Jay_Sean__Down_ACOUSTIC_LIVE.mp3
[2010/04/12 13:49:56 | 000,167,899 | ---- | M] () -- C:\Documents and Settings\test\Desktop\454.JPG
[2010/04/12 08:11:14 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/12 07:19:47 | 000,012,912 | ---- | M] () -- C:\Documents and Settings\test\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/12 07:03:57 | 000,957,630 | ---- | M] () -- C:\Documents and Settings\test\Desktop\screwupending.mp3
[2010/04/12 06:23:46 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\test\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 06:22:07 | 000,010,890 | ---- | M] () -- C:\Documents and Settings\test\Desktop\testintro.JPG
[2010/04/12 06:10:20 | 008,403,532 | ---- | M] () -- C:\Documents and Settings\test\Desktop\13_-_megamix.mp3
[2010/04/12 05:10:49 | 000,048,644 | ---- | M] () -- C:\Documents and Settings\test\Desktop\practice2.mx5
[2010/04/11 20:40:58 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\test\Desktop\CCleaner.lnk
[2010/04/11 18:42:12 | 000,714,378 | ---- | M] () -- C:\Documents and Settings\test\Desktop\test234.mp3
[2010/04/11 17:58:11 | 008,636,738 | ---- | M] () -- C:\Documents and Settings\test\Desktop\SeanPaul-Temperature.rar
[2010/04/11 17:42:51 | 000,644,788 | ---- | M] () -- C:\Documents and Settings\test\Desktop\testintromix.mp3
[2010/04/11 17:24:34 | 006,220,154 | ---- | M] () -- C:\Documents and Settings\test\Desktop\sorumixtest.mp3
[2010/04/11 10:28:35 | 000,034,624 | ---- | M] () -- C:\Documents and Settings\test\Desktop\practice.mx5
[2010/04/11 10:12:43 | 000,644,788 | ---- | M] () -- C:\Documents and Settings\test\Desktop\test.mp3
[2010/04/11 07:46:42 | 136,328,904 | ---- | M] () -- C:\Documents and Settings\test\Desktop\soccerlist.rar
[2010/04/11 07:22:15 | 012,260,807 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Yea Dushyantha - TamilWire.Com.mp3
[2010/04/11 07:21:36 | 006,203,381 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Vinnathaandi Varuvaayaa - TamilWire.Com.mp3
[2010/04/11 07:21:31 | 011,351,290 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Hosanna - TamilWire.Com.mp3
[2010/04/11 07:12:55 | 184,288,233 | ---- | M] () -- C:\Documents and Settings\test\Desktop\NxSG_HipHop_Beats_Collection.rar
[2010/04/10 17:53:01 | 107,427,278 | ---- | M] () -- C:\Documents and Settings\test\Desktop\SPDutty.rar
[2010/04/10 17:28:29 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/10 17:25:15 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mixcraft 5.lnk
[2010/04/10 17:23:41 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spin It Again.lnk
[2010/04/10 15:44:34 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/04/10 15:43:31 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/10 15:38:35 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/10 15:38:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/10 15:38:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/10 15:38:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/04/10 15:38:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/10 15:38:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/10 15:38:33 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/10 15:38:33 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/10 15:38:18 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/10 15:38:08 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/10 15:37:13 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/04/10 15:37:13 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/04/10 15:37:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/04/10 15:37:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/04/10 15:37:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/04/10 15:37:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/04/10 15:37:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/04/10 15:37:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/04/10 08:15:46 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 05:11:52 | 000,001,971 | ---- | C] () -- C:\Documents and Settings\test\Desktop\SpyHunter.lnk
[2010/05/12 05:09:29 | 001,074,232 | ---- | C] () -- C:\Documents and Settings\test\Desktop\RootkitBuster_2.80.1077.zip
[2010/05/11 06:03:23 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/05/10 11:02:03 | 000,000,109 | ---- | C] () -- C:\Documents and Settings\test\Desktop\NoAutoRun.reg
[2010/05/09 15:48:03 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\test\Desktop\McAfee AntiVirus Plus.lnk
[2010/05/06 10:21:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/06 10:21:08 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/06 07:17:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\test\del
[2010/05/06 07:08:33 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2010/05/06 06:51:28 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\test\Desktop\untitled.bmp
[2010/05/06 06:16:02 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ThreatFire.lnk
[2010/05/05 08:53:19 | 000,680,256 | ---- | C] () -- C:\Documents and Settings\test\Desktop\[Eprouvez]'s_Keylogging_Tutorial.rar
[2010/05/03 21:17:18 | 000,000,000 | ---- | C] () -- C:\Program Files\error.dat
[2010/05/03 21:17:04 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/05/03 21:17:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7020.DAT
[2010/04/30 06:53:31 | 001,056,313 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Botnet_Tutorial.pdf
[2010/04/27 10:18:23 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\test\Desktop\HiJackThis.lnk
[2010/04/23 10:00:13 | 000,392,702 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100423-100013.backup
[2010/04/23 09:58:47 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100423-095847.backup
[2010/04/23 09:30:09 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Spybot - Search & Destroy.lnk
[2010/04/23 09:30:09 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Spybot - Search & Destroy (for blind users).lnk
[2010/04/18 07:01:42 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/18 07:00:17 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/04/17 08:07:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/16 15:48:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/16 09:42:17 | 045,169,122 | ---- | C] () -- C:\Documents and Settings\test\Desktop\The_Cover_All_Stars-Instrumental_Tribute_To_Lady_GaGa-2010-VAG.rar
[2010/04/15 08:28:23 | 066,808,429 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Prince_[2010]_-_Tamil_Version_-_TamilGears.Com.rar
[2010/04/15 04:41:49 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/04/15 04:41:48 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/04/15 04:41:47 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/04/15 04:41:47 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/04/15 04:41:46 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/04/15 04:37:05 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/04/15 04:36:51 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/04/15 04:36:51 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/04/15 04:36:42 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/15 04:36:36 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/04/13 16:32:17 | 040,138,164 | ---- | C] () -- C:\Documents and Settings\test\Desktop\VA-Best_Of_Ragga_Dancehall-2CD-2007-H5N1.part2.rar
[2010/04/13 16:21:47 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\test\Desktop\VA-Best_Of_Ragga_Dancehall-2CD-2007-H5N1.part1.rar
[2010/04/13 14:26:36 | 199,229,440 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Reggae.Dancehall.Singles.Part.2._2010_.part1.rar
[2010/04/12 13:49:56 | 000,167,899 | ---- | C] () -- C:\Documents and Settings\test\Desktop\454.JPG
[2010/04/12 06:22:07 | 000,010,890 | ---- | C] () -- C:\Documents and Settings\test\Desktop\testintro.JPG
[2010/04/12 06:20:55 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\test\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 06:18:45 | 000,957,630 | ---- | C] () -- C:\Documents and Settings\test\Desktop\screwupending.mp3
[2010/04/12 06:10:20 | 008,403,532 | ---- | C] () -- C:\Documents and Settings\test\Desktop\13_-_megamix.mp3
[2010/04/11 20:40:58 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\test\Desktop\CCleaner.lnk
[2010/04/11 20:12:39 | 006,198,411 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Jay_Sean__Down_ACOUSTIC_LIVE.mp3
[2010/04/11 18:26:24 | 000,714,378 | ---- | C] () -- C:\Documents and Settings\test\Desktop\test234.mp3
[2010/04/11 17:58:09 | 008,636,738 | ---- | C] () -- C:\Documents and Settings\test\Desktop\SeanPaul-Temperature.rar
[2010/04/11 17:25:13 | 000,644,788 | ---- | C] () -- C:\Documents and Settings\test\Desktop\testintromix.mp3
[2010/04/11 17:23:56 | 006,220,154 | ---- | C] () -- C:\Documents and Settings\test\Desktop\sorumixtest.mp3
[2010/04/11 16:28:40 | 000,048,644 | ---- | C] () -- C:\Documents and Settings\test\Desktop\practice2.mx5
[2010/04/11 10:00:10 | 000,644,788 | ---- | C] () -- C:\Documents and Settings\test\Desktop\test.mp3
[2010/04/11 08:38:10 | 000,034,624 | ---- | C] () -- C:\Documents and Settings\test\Desktop\practice.mx5
[2010/04/11 07:46:37 | 136,328,904 | ---- | C] () -- C:\Documents and Settings\test\Desktop\soccerlist.rar
[2010/04/11 07:22:15 | 012,260,807 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Yea Dushyantha - TamilWire.Com.mp3
[2010/04/11 07:21:35 | 006,203,381 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Vinnathaandi Varuvaayaa - TamilWire.Com.mp3
[2010/04/11 07:21:31 | 011,351,290 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Hosanna - TamilWire.Com.mp3
[2010/04/11 07:12:43 | 184,288,233 | ---- | C] () -- C:\Documents and Settings\test\Desktop\NxSG_HipHop_Beats_Collection.rar
[2010/04/10 17:52:55 | 107,427,278 | ---- | C] () -- C:\Documents and Settings\test\Desktop\SPDutty.rar
[2010/04/10 17:28:29 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/10 17:25:15 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mixcraft 5.lnk
[2010/04/10 17:23:41 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spin It Again.lnk
[2010/04/10 16:49:45 | 155,429,958 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Soca Songs 2008 - TAMILRMX.COM.rar
[2010/04/10 16:49:12 | 094,854,133 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Riddim Pack - Dj Tigga Stylez - WWW.TAMILRMX.COM.rar
[2010/04/10 16:49:05 | 018,405,240 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Riddim Fever Volume 1 - www.tamilrmx.com.rar
[2010/04/10 16:47:28 | 225,593,494 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Hindi Instrumentals - TAMILRMX.COM.rar
[2010/04/10 16:47:26 | 003,571,040 | ---- | C] () -- C:\Documents and Settings\test\Desktop\DJ TIGGA STYLEZ NU-SOUND-FX PACKAGE 2K8.rar
[2010/04/10 16:47:16 | 015,679,325 | ---- | C] () -- C:\Documents and Settings\test\Desktop\Design Studio Inc - Reggaeton Volume 2.zip
[2010/04/10 16:16:02 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\test\ntuser.ini
[2010/04/10 16:15:59 | 006,291,456 | -H-- | C] () -- C:\Documents and Settings\test\NTUSER.DAT
[2010/04/10 16:15:59 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\test\NTUSER.DAT.LOG
[2010/04/10 15:44:34 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/04/10 15:43:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/10 15:38:35 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/10 15:38:35 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/04/10 15:38:35 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/04/10 15:38:35 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/04/10 15:38:35 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/04/10 15:38:20 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/10 15:38:20 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/10 15:38:18 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/10 15:37:13 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/04/10 15:37:13 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/04/10 15:37:08 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/04/10 15:37:08 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/04/10 15:37:08 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/04/10 15:37:08 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/04/10 15:37:08 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/04/10 15:37:08 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/04/10 15:35:58 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/04/10 15:35:58 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/04/10 08:15:46 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/04/10 08:10:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/04/10 08:10:43 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/04/10 08:10:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/04/10 08:10:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/04/10 08:10:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/04/10 08:10:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/04/10 08:10:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/04/10 08:10:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/04/10 08:10:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/04/10 08:10:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/04/10 08:10:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/04/10 08:10:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/04/10 08:10:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/04/10 08:10:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/04/10 08:10:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/04/10 08:10:37 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/04/10 08:10:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/04/10 08:10:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/04/10 08:10:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/04/10 08:10:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/04/10 08:10:33 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/04/10 08:10:20 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/04/10 08:10:20 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/04/10 08:10:19 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/04/10 08:10:19 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/04/10 08:10:19 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/04/10 08:10:19 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/04/10 08:10:19 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/04/10 08:10:19 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/04/10 08:10:19 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/04/10 08:10:19 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/04/10 08:10:19 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/04/10 08:10:19 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/04/10 08:10:19 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/04/10 08:10:19 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/04/10 08:10:19 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/04/10 08:10:19 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/04/10 08:10:19 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/04/10 08:10:18 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/04/10 08:10:18 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/04/10 08:09:33 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/10 08:08:37 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2010/04/10 08:08:32 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

========== LOP Check ==========

[2010/04/10 17:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2010/05/06 07:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2010/05/10 05:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/04/22 13:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/04/20 15:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/05/03 21:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/05/12 10:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/10 17:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Acoustica
[2010/04/20 15:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\GlobalSCAPE

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2008/04/14 05:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/16 21:50:12 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >



OTL Extras logfile created on: 5/12/2010 10:25:22 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\test\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 443.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 66.38 Gb Free Space | 89.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST-20BFE89AFD
Current User Name: test
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024D73F0-1C49-2340-8AC3-5234AAA560C0}" = ccc-core-static
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24F9E04D-4CD5-3979-76F9-C1C6E78471AB}" = CCC Help Italian
"{3305E24F-1192-0424-8A25-39713FD92728}" = Skins
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DA7A736-0B03-565C-1139-83FE890F0AF3}" = CCC Help French
"{43A1FE83-D39F-3779-8D48-D6D19EE7AC48}" = CCC Help Chinese Traditional
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{61D3AAE1-D521-4CD7-939B-37813DE8F955}" = SpyHunter
"{66CA5E58-0D03-A75D-16EF-68258DE0DFC3}" = CCC Help English
"{6BC292E6-5C85-4620-C1D0-A2FEAFD5D135}" = CCC Help Japanese
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7579A17B-0E6C-9EF3-D022-30729A24B399}" = CCC Help Chinese Standard
"{7BAA2000-5B8D-66DD-DBE7-089671AC118B}" = ccc-utility
"{7C2BD022-2B09-1F6D-D6C1-AD2A591E7537}" = Catalyst Control Center Core Implementation
"{806DB796-7082-C63F-284E-62245284A417}" = CCC Help Dutch
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3E23D97-145F-29BF-81DE-DAEC1E5AB237}" = Catalyst Control Center Graphics Full New
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8FA2AC0-3875-B59F-917F-719982FB1BE8}" = CCC Help Portuguese
"{ABE4AEFD-ADA9-4915-9AF0-B17E0713DFEC}" = Brother DCP-7020
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE1A0B0E-2EC7-656A-711A-0E7E8D4AB5CF}" = CCC Help Spanish
"{B016DE7B-CA2D-5EFD-9591-A109E67119BD}" = CCC Help Swedish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C4A92EF9-D14C-937F-742E-D272938DC590}" = CCC Help Korean
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D702172D-8D17-D9EC-B661-42FA268575AF}" = Catalyst Control Center Localization All
"{DAA3F236-CEEC-C6CC-12C2-AB1B75C8BC09}" = CCC Help German
"{E09CEE8B-1DCD-C628-A8EA-2B56D61DDEFA}" = ccc-core-preinstall
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3439243-1BAC-7250-D346-2642655F95ED}" = Catalyst Control Center Graphics Full Existing
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FF2AFF73-099E-0BB5-AE87-B044D3D7DE78}" = Catalyst Control Center Graphics Light
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Autorun Eater_is1" = Autorun Eater v2.4
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"GoToAssist" = GoToAssist Corporate
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Silverlight" = Microsoft Silverlight
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee AntiVirus Plus
"Spin It Again" = Spin It Again
"Spyware Doctor" = Spyware Doctor 7.0
"Unlocker" = Unlocker 1.8.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/12/2010 9:22:30 AM | Computer Name = TEST-20BFE89AFD | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 5/12/2010 9:22:30 AM | Computer Name = TEST-20BFE89AFD | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 5/12/2010 11:02:30 AM | Computer Name = TEST-20BFE89AFD | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 5/12/2010 11:02:30 AM | Computer Name = TEST-20BFE89AFD | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 5/12/2010 12:47:30 PM | Computer Name = TEST-20BFE89AFD | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 5/12/2010 12:50:43 PM | Computer Name = TEST-20BFE89AFD | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 5/12/2010 1:14:27 PM | Computer Name = TEST-20BFE89AFD | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 5/12/2010 1:14:27 PM | Computer Name = TEST-20BFE89AFD | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 5/12/2010 1:21:18 PM | Computer Name = TEST-20BFE89AFD | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

Error - 5/12/2010 1:21:18 PM | Computer Name = TEST-20BFE89AFD | Source = Userenv | ID = 1090
Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
status. An attempt to connect to WMI failed. No more RSoP logging will be done for
this application of policy.

[ System Events ]
Error - 5/10/2010 10:04:54 AM | Computer Name = TEST-20BFE89AFD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 5/10/2010 10:04:54 AM | Computer Name = TEST-20BFE89AFD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 5/10/2010 10:04:55 AM | Computer Name = TEST-20BFE89AFD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 5/10/2010 10:04:55 AM | Computer Name = TEST-20BFE89AFD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 5/10/2010 10:04:56 AM | Computer Name = TEST-20BFE89AFD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 5/10/2010 10:04:56 AM | Computer Name = TEST-20BFE89AFD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 5/10/2010 10:04:56 AM | Computer Name = TEST-20BFE89AFD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 5/10/2010 10:04:56 AM | Computer Name = TEST-20BFE89AFD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 5/10/2010 10:04:57 AM | Computer Name = TEST-20BFE89AFD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 5/10/2010 10:04:57 AM | Computer Name = TEST-20BFE89AFD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}


< End of report >

Edited by boopme, 12 May 2010 - 01:58 PM.




#2 morfia

morfia
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:50 AM

Posted 12 May 2010 - 04:13 PM

can anyone help me???

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 12 May 2010 - 06:02 PM.


#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:50 AM

Posted 13 May 2010 - 11:00 AM

Hello, morfia
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#4 morfia

morfia
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:50 AM

Posted 13 May 2010 - 09:06 PM

I highly doubt I have a virus but maybe do because when I reformatted this PC I burned a CD through another computer which has a USB virus that spreads to any USB being injected and all my personal information had been compromised.



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-13 19:00:13
Windows 5.1.2600 Service Pack 3
Running: hq3f8k3r.exe; Driver: C:\DOCUME~1\test\LOCALS~1\Temp\kxriqaog.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF739DE64]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF737DEEE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF737E0E0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF739E652]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF739E906]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF739CB64]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF739ED72]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF739E124]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF737DB5C]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF73DDCEA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF73DDC14]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF73DDC28]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF73DDCC0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF73DDD00]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF73DDCD4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2468 80501CA0 4 Bytes JMP 651313DE

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[288] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 02410FEF
.text C:\WINDOWS\Explorer.EXE[288] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 02410014
.text C:\WINDOWS\Explorer.EXE[288] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 02410FDE
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02580FEF
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0258007D
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0258006C
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0258005B
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0258004A
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02580FA8
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02580F35
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02580F50
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025800B3
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02580F24
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02580EFF
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0258002F
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02580FD4
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02580F6D
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02580014
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02580FC3
.text C:\WINDOWS\Explorer.EXE[288] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02580098
.text C:\WINDOWS\Explorer.EXE[288] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02560FA5
.text C:\WINDOWS\Explorer.EXE[288] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0256004E
.text C:\WINDOWS\Explorer.EXE[288] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02560000
.text C:\WINDOWS\Explorer.EXE[288] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02560FD4
.text C:\WINDOWS\Explorer.EXE[288] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0256003D
.text C:\WINDOWS\Explorer.EXE[288] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02560FEF
.text C:\WINDOWS\Explorer.EXE[288] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0256002C
.text C:\WINDOWS\Explorer.EXE[288] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0256001B
.text C:\WINDOWS\Explorer.EXE[288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02490049
.text C:\WINDOWS\Explorer.EXE[288] msvcrt.dll!system 77C293C7 5 Bytes JMP 02490038
.text C:\WINDOWS\Explorer.EXE[288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02490FD2
.text C:\WINDOWS\Explorer.EXE[288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0249000C
.text C:\WINDOWS\Explorer.EXE[288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02490027
.text C:\WINDOWS\Explorer.EXE[288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02490FEF
.text C:\WINDOWS\Explorer.EXE[288] WININET.dll!InternetOpenA 7806C851 5 Bytes JMP 02570000
.text C:\WINDOWS\Explorer.EXE[288] WININET.dll!InternetOpenW 7806CE81 5 Bytes JMP 0257001B
.text C:\WINDOWS\Explorer.EXE[288] WININET.dll!InternetOpenUrlA 78070BAA 5 Bytes JMP 02570036
.text C:\WINDOWS\Explorer.EXE[288] WININET.dll!InternetOpenUrlW 780BB2F1 5 Bytes JMP 02570FE5
.text C:\WINDOWS\Explorer.EXE[288] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02420000
.text C:\WINDOWS\system32\svchost.exe[476] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[476] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 00BD0022
.text C:\WINDOWS\system32\svchost.exe[476] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00BD0011
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00F81
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00080
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00065
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00FA8
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C0002F
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C000B6
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00F64
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C000E2
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C00F3F
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C000F3
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C00040
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C00014
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C00091
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C00FC3
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C00FDE
.text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C000C7
.text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BF0F79
.text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BF0040
.text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BF0FA8
.text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [DF, 88]
.text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BF0FB9
.text C:\WINDOWS\system32\svchost.exe[476] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0042
.text C:\WINDOWS\system32\svchost.exe[476] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0FAD
.text C:\WINDOWS\system32\svchost.exe[476] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE001D
.text C:\WINDOWS\system32\svchost.exe[476] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[476] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0FBE
.text C:\WINDOWS\system32\svchost.exe[476] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FE3
.text C:\WINDOWS\system32\services.exe[1244] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[1244] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 00040FDE
.text C:\WINDOWS\system32\services.exe[1244] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00940FEF
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0094008C
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00940F8D
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00940F9E
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0094005B
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0094004A
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009400C9
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009400B8
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00940106
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009400F5
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00940121
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00940FC3
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00940014
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 009400A7
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0094002F
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00940FD4
.text C:\WINDOWS\system32\services.exe[1244] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 009400DA
.text C:\WINDOWS\system32\services.exe[1244] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00070FCD
.text C:\WINDOWS\system32\services.exe[1244] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00070F97
.text C:\WINDOWS\system32\services.exe[1244] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00070014
.text C:\WINDOWS\system32\services.exe[1244] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00070FDE
.text C:\WINDOWS\system32\services.exe[1244] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00070054
.text C:\WINDOWS\system32\services.exe[1244] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[1244] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00070043
.text C:\WINDOWS\system32\services.exe[1244] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00070FB2
.text C:\WINDOWS\system32\services.exe[1244] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060FCF
.text C:\WINDOWS\system32\services.exe[1244] msvcrt.dll!system 77C293C7 5 Bytes JMP 0006005A
.text C:\WINDOWS\system32\services.exe[1244] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0006002E
.text C:\WINDOWS\system32\services.exe[1244] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[1244] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060049
.text C:\WINDOWS\system32\services.exe[1244] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0006001D
.text C:\WINDOWS\system32\services.exe[1244] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050FE5
.text C:\WINDOWS\system32\lsass.exe[1264] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\lsass.exe[1264] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 00BC0FC0
.text C:\WINDOWS\system32\lsass.exe[1264] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F4007D
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F40F7E
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F40062
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40051
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F40036
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F40F48
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F40F63
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F40F01
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F40F1C
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F40EF0
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F40FAF
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F4008E
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F40FCA
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F40011
.text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F40F37
.text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BF0062
.text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BF0014
.text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BF0FDE
.text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BF0051
.text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BF0FB9
.text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [DF, 88]
.text C:\WINDOWS\system32\lsass.exe[1264] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BF0040
.text C:\WINDOWS\system32\lsass.exe[1264] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0062
.text C:\WINDOWS\system32\lsass.exe[1264] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0047
.text C:\WINDOWS\system32\lsass.exe[1264] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0FDE
.text C:\WINDOWS\system32\lsass.exe[1264] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\lsass.exe[1264] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0FCD
.text C:\WINDOWS\system32\lsass.exe[1264] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0018
.text C:\WINDOWS\system32\lsass.exe[1264] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00A90FEF
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 00A90014
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A90FD4
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD0069
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD0058
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0F8A
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0047
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD0FAC
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD009A
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD0F52
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD00E1
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD00D0
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00AD0F37
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00AD0F9B
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00AD0011
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00AD0F63
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00AD0FC7
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00AD0022
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00AD00BF
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00AC0FB9
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00AC0F8D
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00AC0FD4
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00AC004A
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00AC002F
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00AC0FA8
.text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0F97
.text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0022
.text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0011
.text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0FE3
.text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0FBC
.text C:\WINDOWS\system32\svchost.exe[1416] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[1416] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AA000A
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 00C10022
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00C10011
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C50FEF
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C50064
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C50053
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C50F6F
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C50F8A
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C50FAF
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C50F48
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C50090
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C500D7
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C500C6
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C500F2
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C5002C
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C50075
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C50011
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C50FC0
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C500AB
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C4005B
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C40FB9
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C40FD4
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C40F9E
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C40FE5
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00C40040
.text C:\WINDOWS\system32\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C40025
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30036
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30FAB
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C30011
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C30FBC
.text C:\WINDOWS\system32\svchost.exe[1488] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[1488] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!NtCreateFile 7C90D090 3 Bytes JMP 01910FEF
.text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!NtCreateFile + 4 7C90D094 1 Byte [85]
.text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!NtCreateProcess 7C90D130 3 Bytes JMP 01910025
.text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!NtCreateProcess + 4 7C90D134 1 Byte [85]
.text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes JMP 0191000A
.text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 1 Byte [85]
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0283000A
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02830091
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02830F92
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02830FB9
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02830076
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0283005B
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 028300AE
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02830F66
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 028300D3
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02830F3A
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 028300EE
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02830FD4
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02830025
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02830F77
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0283004A
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02830FEF
.text C:\WINDOWS\System32\svchost.exe[1632] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02830F4B
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01940FB9
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01940F9E
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0194000A
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01940FD4
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01940051
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01940FEF
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01940040
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01940025
.text C:\WINDOWS\System32\svchost.exe[1632] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0193003D
.text C:\WINDOWS\System32\svchost.exe[1632] msvcrt.dll!system 77C293C7 5 Bytes JMP 01930FBC
.text C:\WINDOWS\System32\svchost.exe[1632] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01930FDE
.text C:\WINDOWS\System32\svchost.exe[1632] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01930FEF
.text C:\WINDOWS\System32\svchost.exe[1632] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01930FCD
.text C:\WINDOWS\System32\svchost.exe[1632] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0193000C
.text C:\WINDOWS\System32\svchost.exe[1632] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01920000
.text C:\WINDOWS\System32\svchost.exe[1632] WININET.dll!InternetOpenA 7806C851 5 Bytes JMP 027A0000
.text C:\WINDOWS\System32\svchost.exe[1632] WININET.dll!InternetOpenW 7806CE81 5 Bytes JMP 027A001B
.text C:\WINDOWS\System32\svchost.exe[1632] WININET.dll!InternetOpenUrlA 78070BAA 5 Bytes JMP 027A0036
.text C:\WINDOWS\System32\svchost.exe[1632] WININET.dll!InternetOpenUrlW 780BB2F1 5 Bytes JMP 027A0FE5
.text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00740FEF
.text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 00740FCD
.text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00740FDE
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780000
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0078005B
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780F66
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00780040
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0078002F
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780F94
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0078009D
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00780082
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00780F04
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00780F1F
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00780EE9
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00780F83
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00780FE5
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00780F4B
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00780FAF
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00780FCA
.text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00780F3A
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00770FC3
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00770F97
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00770014
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00770FDE
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0077004A
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00770FEF
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00770039
.text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00770FB2
.text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760FC8
.text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!system 77C293C7 5 Bytes JMP 00760049
.text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0076001D
.text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0076002E
.text C:\WINDOWS\system32\svchost.exe[1780] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1780] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00750FEF
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 00E50FCA
.text C:\WINDOWS\system32\svchost.exe[1952] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00E50FE5
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EA000A
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EA007F
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EA0064
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EA0047
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EA0F8A
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EA0FB6
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EA0F68
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EA00A4
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EA0F32
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EA0F4D
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00EA00E6
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00EA0FA5
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00EA001B
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00EA0F79
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00EA002C
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00EA0FDB
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00EA00C1
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E80014
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E80054
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E80FC3
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E80FD4
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E80039
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00E80F8D
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [08, 89]
.text C:\WINDOWS\system32\svchost.exe[1952] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E80FA8
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E7003D
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E70FB2
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E70FCD
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E70022
.text C:\WINDOWS\system32\svchost.exe[1952] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E70FDE
.text C:\WINDOWS\system32\svchost.exe[1952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E6000A
.text C:\WINDOWS\system32\svchost.exe[1952] WININET.dll!InternetOpenA 7806C851 5 Bytes JMP 00E90000
.text C:\WINDOWS\system32\svchost.exe[1952] WININET.dll!InternetOpenW 7806CE81 5 Bytes JMP 00E90FE5
.text C:\WINDOWS\system32\svchost.exe[1952] WININET.dll!InternetOpenUrlA 78070BAA 5 Bytes JMP 00E9001B
.text C:\WINDOWS\system32\svchost.exe[1952] WININET.dll!InternetOpenUrlW 780BB2F1 5 Bytes JMP 00E90FD4
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2008] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2008] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00140FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 0014001B
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 0014000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F57
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260F68
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F79
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260084
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260067
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260EFC
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F0D
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 002600B0
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00260036
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00260011
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00260F3C
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00260FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00260FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00260095
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00350011
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00350047
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00350FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0035002C
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00350FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00350F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [55, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00350FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A1E3F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1DC0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1E04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A1D4C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A1D86 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A1E7A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316EE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360047
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360FBC
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360011
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360022
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] WININET.dll!InternetOpenA 7806C851 5 Bytes JMP 01B10FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] WININET.dll!InternetOpenW 7806CE81 5 Bytes JMP 01B10FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] WININET.dll!InternetOpenUrlA 78070BAA 5 Bytes JMP 01B10FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] WININET.dll!InternetOpenUrlW 780BB2F1 5 Bytes JMP 01B10FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[3460] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01C10FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1964] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [004076E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1964] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [02B42DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [02B1B950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [02B42D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [02B1C5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [02B1C4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [02B42D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [02B1C5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [02B42D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [02B42DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [02B42D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!WriteFile] [02B1C5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [02B42DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!ReadFile] [02B1C4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [02B1C040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [02B42D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [02B1BE20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [02B1C040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [02B1B950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [02B1C4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [02B1C5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [02B1C5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [02B1B950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [02B42DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [02B42DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [02B42D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [02B1BE20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [02B1C040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [02B1C4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [02B1A1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [02B1AA00] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [02B1B1D0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [02B1C040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [02B42D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [02B1C4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [02B1C5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [02B42DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [02B42DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [02B1A1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [02B1B1D0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [02B42D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [02B42DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] [02B1C4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [02B42DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [02B1C040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] [02B1C5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [02B1A1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [02B1B950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!WriteFile] [02B1C5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [02B1B950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!ReadFile] [02B1C4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [02B42D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [02B42DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW] [02B1A1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [02B42D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] [02B1C5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!ReadFile] [02B1C4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [02B42D20] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!WriteFile] [02B1C5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [02B42DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [02B1C040] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!ReadFile] [02B1C4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!DialogBoxParamW] [02B1A1A0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\inetmib1.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] [02B1B950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [02B42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [02B42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [02B1B950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [02B1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [02B42DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [02B42DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [02B1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [02B1C5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3460] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [02B1C4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}\iexplore@Count 423

---- EOF - GMER 1.0.15 ----


#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:50 AM

Posted 17 May 2010 - 07:15 AM

Hi,

Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#6 morfia

Posted 20 May 2010 - 04:49 AM

ComboFix 10-05-17.05 - test 05/19/2010 6:02.1.1 - x86
Running from: c:\documents and settings\test\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Vb40032.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-19 to 2010-05-19 )))))))))))))))))))))))))))))))
.

2010-05-18 21:32 . 2010-05-19 12:28 0 ----a-w- c:\documents and settings\test\Local Settings\Application Data\prvlcl.dat
2010-05-18 14:07 . 2010-05-18 14:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-18 13:59 . 2010-05-18 12:51 875288 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-05-18 13:59 . 2010-05-18 12:51 798488 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-05-18 13:59 . 2010-05-18 12:51 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-05-18 13:59 . 2010-05-18 12:51 1656088 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-05-18 12:52 . 2010-05-18 17:55 -------- d-----w- C:\$AVG
2010-05-18 12:52 . 2010-05-18 14:05 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-18 12:51 . 2010-05-18 14:07 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-18 12:51 . 2010-05-19 12:29 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-18 12:51 . 2010-05-18 14:06 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-05-18 12:51 . 2010-05-18 14:05 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-18 12:51 . 2010-05-18 14:07 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-18 12:50 . 2010-05-18 14:06 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-05-18 12:50 . 2010-05-18 14:06 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-05-18 12:50 . 2010-05-18 12:50 -------- d-----w- c:\program files\AVG
2010-05-18 12:50 . 2010-05-18 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-18 11:37 . 2010-05-18 11:37 -------- d-----w- c:\program files\Common Files\Stardock
2010-05-18 11:37 . 2004-04-26 20:47 163456 ----a-w- c:\windows\system32\drivers\vidstub.sys
2010-05-18 11:36 . 2010-05-18 11:36 -------- d-----w- c:\program files\Stardock
2010-05-17 16:23 . 2010-05-17 16:23 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2010-05-17 16:23 . 2010-05-17 16:23 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-05-17 16:23 . 2010-05-17 16:23 -------- d-----w- c:\program files\Prevx
2010-05-17 16:23 . 2010-05-18 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-05-13 15:14 . 2010-05-13 15:14 293376 ----a-w- C:\pixe8z09.exe
2010-05-13 13:31 . 2010-05-13 13:31 -------- d-----w- c:\program files\Smart Virus Remover
2010-05-12 17:02 . 2010-05-12 17:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\Malwarebytes
2010-05-12 12:11 . 2010-05-12 12:11 -------- d-----w- c:\program files\Enigma Software Group
2010-05-12 12:11 . 2010-05-12 18:49 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-12 12:11 . 2010-05-12 12:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-12 11:57 . 2010-05-12 11:57 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-05-10 12:18 . 2010-05-10 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2010-05-10 12:15 . 2010-05-10 12:15 -------- d-----w- c:\program files\Citrix
2010-05-10 12:15 . 2010-05-10 12:15 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\Citrix
2010-05-09 22:34 . 2010-04-14 19:29 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-05-09 22:34 . 2010-04-14 19:29 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-05-09 22:34 . 2010-04-14 19:29 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-05-09 22:34 . 2010-04-14 19:29 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-05-09 22:34 . 2010-04-14 19:29 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-05-09 22:34 . 2010-04-14 19:29 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-05-09 22:34 . 2010-04-14 19:29 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-06 14:08 . 2010-05-06 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2010-05-06 14:08 . 2010-05-06 14:08 -------- d-----w- c:\program files\Autorun Eater
2010-05-04 14:08 . 2010-05-04 14:08 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-04 04:19 . 2008-04-14 07:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-04 04:19 . 2008-04-14 07:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-04 04:17 . 2010-05-04 04:17 0 ----a-w- c:\program files\error.dat
2010-05-04 04:17 . 2010-05-04 04:21 34 ----a-w- c:\windows\system32\BD7020.DAT
2010-05-04 04:16 . 2010-05-04 04:16 -------- d-----w- c:\program files\Brother
2010-05-04 04:16 . 2004-10-12 08:24 188416 ----a-w- c:\windows\system32\Pdrvinst.dll
2010-05-04 04:16 . 2002-10-31 08:09 81920 ----a-w- c:\windows\system32\BrWebIns.dll
2010-05-04 04:16 . 2003-07-03 08:08 65536 ----a-w- c:\windows\system32\BRWEBUP.EXE
2010-05-04 04:09 . 2010-05-04 04:09 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-05-04 04:08 . 2010-05-04 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-05-04 04:08 . 2010-05-04 04:08 -------- d-----w- c:\program files\ScanSoft
2010-05-04 04:08 . 2010-05-04 04:08 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2010-05-04 04:07 . 2010-05-04 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2010-05-04 03:29 . 2007-07-25 23:44 2210048 ------w- c:\windows\system32\drivers\w29n51.sys
2010-05-04 03:29 . 2007-02-12 18:41 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2010-05-04 03:29 . 2007-02-12 18:40 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2010-05-03 04:17 . 2010-05-03 04:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-04-30 12:36 . 2010-04-30 12:41 -------- d-----w- c:\windows\BDOSCAN8
2010-04-27 17:18 . 2010-04-27 17:18 388096 ----a-r- c:\documents and settings\test\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-27 17:18 . 2010-04-27 17:18 -------- d-----w- c:\program files\Trend Micro
2010-04-23 16:29 . 2010-05-13 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-23 16:29 . 2010-04-23 16:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-22 20:42 . 2010-04-22 20:42 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\ESET
2010-04-22 20:34 . 2010-04-22 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-04-20 22:11 . 2010-04-20 22:11 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\GlobalSCAPE
2010-04-20 22:11 . 2010-04-20 22:11 -------- d-----w- c:\documents and settings\test\Application Data\GlobalSCAPE
2010-04-20 22:11 . 2010-04-20 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\GlobalSCAPE
2010-04-20 22:09 . 2010-04-20 22:09 -------- d-----w- c:\program files\GlobalSCAPE
2010-04-19 18:23 . 2010-04-19 18:23 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\ATI
2010-04-19 18:23 . 2010-04-19 18:23 -------- d-----w- c:\documents and settings\test\Application Data\ATI
2010-04-19 18:23 . 2010-04-19 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-04-19 18:04 . 1998-07-30 19:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-04-19 17:53 . 2010-04-19 18:02 -------- d-----w- c:\program files\ATI Technologies
2010-04-19 17:51 . 2010-04-19 17:51 -------- d-----w- C:\DRIVERS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 12:54 . 2010-04-15 11:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-17 15:11 . 2010-04-17 15:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-13 12:11 . 2010-05-09 22:34 -------- d-----w- c:\program files\McAfee
2010-05-12 18:44 . 2010-04-15 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-10 15:31 . 2010-04-16 22:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-10 12:59 . 2010-04-11 00:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-09 22:46 . 2010-05-09 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-09 22:35 . 2010-05-09 22:34 -------- d-----w- c:\program files\Common Files\Mcafee
2010-05-09 22:34 . 2010-05-09 22:34 -------- d-----w- c:\program files\McAfee.com
2010-05-09 21:47 . 2010-04-15 11:36 -------- d-----w- c:\program files\Spyware Doctor
2010-05-07 00:37 . 2010-05-06 23:33 -------- d-----w- c:\program files\Unlocker
2010-05-06 22:05 . 2010-04-18 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-06 17:21 . 2010-05-06 17:21 0 ----a-w- c:\windows\nsreg.dat
2010-05-04 04:16 . 2010-04-11 00:13 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-29 22:39 . 2010-04-16 22:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-04-16 22:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 14:01 . 2010-04-18 14:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-18 13:59 . 2010-04-18 13:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-16 22:48 . 2010-04-16 22:48 -------- d-----w- c:\documents and settings\test\Application Data\Malwarebytes
2010-04-16 22:48 . 2010-04-16 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-15 11:42 . 2010-04-15 11:36 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-15 11:36 . 2010-04-15 11:36 -------- d-----w- c:\documents and settings\test\Application Data\PC Tools
2010-04-15 00:05 . 2010-04-10 22:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-14 19:29 . 2010-05-09 22:34 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-14 19:29 . 2010-01-06 00:04 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-14 19:29 . 2010-01-06 00:04 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-12 15:11 . 2010-04-10 22:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-12 14:19 . 2010-04-11 00:31 12912 ----a-w- c:\documents and settings\test\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-12 14:18 . 2010-04-12 14:18 -------- d-----w- c:\program files\Microsoft
2010-04-12 14:18 . 2010-04-12 14:17 -------- d-----w- c:\program files\Windows Live
2010-04-12 14:13 . 2010-04-12 14:13 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-12 03:40 . 2010-04-12 03:40 -------- d-----w- c:\program files\CCleaner
2010-04-11 00:28 . 2010-04-11 00:28 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-11 00:25 . 2010-04-11 00:17 -------- d-----w- c:\program files\Acoustica Mixcraft 5
2010-04-11 00:25 . 2010-04-11 00:24 -------- d-----w- c:\documents and settings\test\Application Data\Acoustica
2010-04-11 00:24 . 2010-04-11 00:23 -------- d-----w- c:\program files\Acoustica Spin It Again
2010-04-11 00:23 . 2010-04-11 00:23 -------- d-----w- c:\program files\Acoustica Shared Effects
2010-04-11 00:17 . 2010-04-11 00:17 -------- d-----w- c:\program files\VST
2010-04-11 00:17 . 2010-04-11 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2010-04-11 00:13 . 2010-04-11 00:13 -------- d-----w- c:\program files\Analog Devices
2010-04-10 23:55 . 2010-04-10 23:55 -------- d-----w- c:\program files\Broadcom
2010-04-10 22:38 . 2010-04-10 22:38 -------- d-----w- c:\program files\microsoft frontpage
2010-04-10 22:36 . 2010-04-10 22:36 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-10 18:36 . 2010-04-15 11:36 217032 ------w- c:\windows\system32\drivers\PCTCore.sys
2010-04-14 19:29 . 2010-05-09 22:34 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-18 14:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autorun Eater]
2009-05-27 05:54 549400 ----a-w- c:\program files\Autorun Eater\oldmcdonald.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 22:04 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 22:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2010-04-02 06:05 1180976 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 21:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2004-08-06 14:27 860160 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 16:11 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 17:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-09-29 21:36 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-03-09 02:52 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 ATICDSDr;ATICDSDr;c:\docume~1\test\LOCALS~1\Temp\ATICDSDr.sys [x]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-05-18 30104]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2010-04-14 88480]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-14 83496]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
S0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSxx.sys [2010-05-18 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-05-18 52872]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2010-05-17 22024]
S0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [2010-05-17 27656]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-05-18 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-05-18 242896]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-04-14 82952]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-05-18 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-18 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-05-18 2325816]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2010-05-17 4368952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-14 141792]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2010-05-18 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2010-05-18 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2010-05-18 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2010-05-18 26120]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-14 55456]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-14 312616]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2010-04-14 88480]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\test\Application Data\Mozilla\Firefox\Profiles\6fooblzy.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ThreatFire - c:\program files\ThreatFire\TFTray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 06:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1780)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-05-19 06:17:13
ComboFix-quarantined-files.txt 2010-05-19 13:17

Pre-Run: 71,007,092,736 bytes free
Post-Run: 71,126,749,184 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B1B7ACD6911A728DEA3D976137EC1DE4


#7 morfia

Posted 20 May 2010 - 04:56 AM

Access denied whenever I open some files and I am full administrator


"kxriqaog.sys"


it says "C:kyrigaog.sys access denied"


when I google

http://www.google.ca/search?hl=en&q=kx...q=&gs_rfai=

you only see my two results ??????

#8 schrauber

Posted 21 May 2010 - 01:13 PM

Hi,


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :filefind
    kyrigaog.sys
    :reg
    kyrigaog.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
regards,
schrauber


#9 schrauber

Posted 24 May 2010 - 11:30 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber
