Yahoo/MSN Redirect **Virus/Malware ----- Help Needed !!


This topic is locked
10 replies to this topic

#1 edge79

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 31 May 2010 - 01:23 PM

Hello,

Well got some virus/malware. I don't know which one.
It is redirecting my Yahoo/MSN search. Computer is slow.

I went through few steps to get rid of it. Disabled System Restore.

1. Malwarebytes --- removed few trojans.
2. VIPRE Anti virus removed few malware.
3. Trend Micro Online Anti-Virus removed few.


But the problem didn't go away.

Then I used COMBOFIX & it went through 50 Stages & now it's a lot better.

Here is LOG from COMBOFIX. Please help me to remove any leftover malware.

Thanks again.


ComboFix 10-05-29.05 - Dell 05/30/2010 15:03:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2592 [GMT -4:00]
Running from: c:\documents and settings\Dell\My Documents\Software\ComboFix.exe
AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\s
c:\windows\AegisP.inf
c:\windows\is-GPKL6.exe
c:\windows\is-LGTJR.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\st325602.dll
c:\windows\wiaserviv.log


Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-30 )))))))))))))))))))))))))))))))
.

2010-05-30 17:02 . 2010-05-30 17:02 503808 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1775ffc6-n\msvcp71.dll
2010-05-30 17:02 . 2010-05-30 17:02 499712 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1775ffc6-n\jmc.dll
2010-05-30 17:02 . 2010-05-30 17:02 348160 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1775ffc6-n\msvcr71.dll
2010-05-30 17:02 . 2010-05-30 17:02 61440 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3e6dec22-n\decora-sse.dll
2010-05-30 17:02 . 2010-05-30 17:02 12800 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3e6dec22-n\decora-d3d.dll
2010-05-30 17:01 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-30 15:55 . 2007-05-10 14:23 94208 ----a-w- c:\windows\system32\stacsv.exe
2010-05-30 15:55 . 2007-05-10 14:22 405504 ----a-w- c:\windows\stsystra.exe
2010-05-30 15:55 . 2007-04-10 21:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2010-05-30 15:47 . 2007-05-10 14:23 270336 ----a-w- c:\windows\system32\stacapi.dll
2010-05-30 14:29 . 2010-05-30 14:29 388096 ----a-r- c:\documents and settings\Dell\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-30 14:29 . 2010-05-30 14:29 -------- d-----w- c:\program files\Trend Micro
2010-05-29 23:25 . 2010-05-30 14:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-29 23:25 . 2010-05-29 23:25 -------- d-----w- c:\program files\SpywareBlaster
2010-05-29 22:21 . 2010-05-29 22:27 -------- dc-h--w- c:\windows\ie8
2010-05-29 16:24 . 2010-05-30 04:48 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-29 16:24 . 2010-05-30 04:48 21361 ----a-w- c:\windows\AegisP.sys
2010-05-29 16:22 . 2010-05-29 16:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2010-05-29 16:22 . 2010-05-29 16:22 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2010-05-29 16:20 . 2010-05-29 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-05-29 16:20 . 2010-05-29 16:20 -------- d-----w- c:\documents and settings\Dell\Application Data\Intel
2010-05-29 11:52 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-29 11:51 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-29 08:53 . 2010-05-29 08:55 15882448 ----a-w- c:\documents and settings\All Users\Application Data\Sunbelt\AntiMalware\Downloads\SBVIPRE_EN.4.0.3275.exe
2010-05-29 02:04 . 2010-05-29 02:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-29 00:02 . 2010-05-29 00:03 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Deployment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 17:02 . 2008-02-12 09:26 -------- d-----w- c:\program files\Common Files\Java
2010-05-30 17:01 . 2008-02-12 09:26 -------- d-----w- c:\program files\Java
2010-05-30 15:22 . 2008-07-26 19:58 -------- d-----w- c:\program files\TVUPlayer
2010-05-29 23:15 . 2008-02-19 02:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-29 17:39 . 2008-05-13 19:21 -------- d-----w- c:\program files\Brother
2010-05-29 17:39 . 2008-02-12 09:28 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-29 17:39 . 2008-02-12 09:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-29 17:14 . 2008-02-18 23:39 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-05-29 16:48 . 2008-12-29 11:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 16:48 . 2008-02-22 01:37 -------- d-----w- c:\documents and settings\Dell\Application Data\LimeWire
2010-05-29 11:57 . 2008-11-15 00:39 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-28 19:49 . 2008-02-19 04:15 -------- d-----w- c:\documents and settings\Dell\Application Data\Lavasoft
2010-05-19 04:49 . 2008-02-12 09:11 19762 ----a-w- c:\windows\system32\nvModes.dat
2010-05-15 11:09 . 2008-05-15 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-08 17:17 . 2009-05-13 16:20 13804048 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-04-01 15:30 . 2010-04-01 15:30 -------- d-----w- c:\documents and settings\Dell\Application Data\webex
2010-03-22 15:27 . 2010-03-22 15:27 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-03-22 15:27 . 2010-03-22 15:27 16 ----a-w- c:\windows\system32\asdict.dat
2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2005-07-14 19:31 . 2006-05-24 17:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\INTEL\EPSON Stylus Photo RX600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE" [2003-09-10 99840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"\\INTEL\EPSON Stylus Photo RX600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE" [2003-09-10 99840]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-05-31 81920]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-02-22 1291600]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dell^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\documents and settings\Dell\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dell^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Dell\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dell^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Dell\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM278e0ca2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\voponanabe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-04-16 03:49 159744 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2004-02-19 13:23 61440 ----a-w- c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 20:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-07 13:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 610 Series]
2009-01-26 10:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFJA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 17:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-10-08 18:13 1101824 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 22:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
2006-11-02 20:05 282624 ----a-w- c:\windows\system32\KADxMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 19:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-05-31 21:50 8429568 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-05-31 21:50 67584 ----a-w- c:\windows\system32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-05-31 21:50 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-05-31 21:50 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-09-14 16:53 218424 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 14:22 405504 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
2006-05-03 21:29 556544 ----a-w- c:\program files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 19:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2007-08-03 01:08 95504 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]
2005-08-22 14:10 69632 ----a-w- c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2007-09-10 15:55 92160 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SecureStorageService"=3 (0x3)
"WaveEnrollmentService"=3 (0x3)
"TdmService"=2 (0x2)
"tcsd_win32.exe"=2 (0x2)
"stllssvr"=3 (0x3)
"NBService"=3 (0x3)
"STacSV"=2 (0x2)
"helpsvc"=2 (0x2)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
labetify REG_SZ c:\windows\system32\fxscnlpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [3/24/2010 10:17 AM 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/14/2009 3:39 AM 95024]
R1 SbTis;sbtis;c:\windows\system32\drivers\sbtis.sys [3/24/2010 9:50 AM 202928]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/29/2010 7:52 AM 304464]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2/21/2010 9:40 PM 2726000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [3/24/2010 10:17 AM 69720]
R2 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [3/24/2010 10:00 AM 85080]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2/21/2010 9:39 PM 181584]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/4/2004 6:00 AM 5120]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2/18/2008 11:13 PM 113896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/29/2010 7:51 AM 20952]
S2 0259171269264251mcinstcleanup;McAfee Application Installer Cleanup (0259171269264251);c:\docume~1\Dell\LOCALS~1\Temp\025917~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Dell\LOCALS~1\Temp\025917~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 1:31 PM 42000]
S3 qcmdmxp;HTC Proprietary USB Driver;c:\windows\system32\drivers\qcmdmxp.sys [4/13/2010 6:04 PM 103424]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [4/13/2010 6:04 PM 103424]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
.
Contents of the 'Scheduled Tasks' folder

2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-MerlinReportAgent - c:\program files\att-nap\McciBrowser.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SetDefPrt - c:\program files\Brother\Brmfl04c\BrStDvPt.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Dell\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 19:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
\\INTEL\EPSON Stylus Photo RX600 = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P32 "\\INTEL\EPSON Stylus Photo RX600" /M "Stylus Photo RX600" /EF "HKCU"??T????????????YB~?????????????????????????????????????YB~????????????3???8???????????X?C~????????????j?C~???????????????|???????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1092)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-05-30 19:33:36
ComboFix-quarantined-files.txt 2010-05-30 23:33

Pre-Run: 76,096,983,040 bytes free
Post-Run: 76,318,609,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5FB8BADEA4CE3486F77AF15691AFD4B4

EDIT: Moved from XP to more appropriate Malware Removal Logs forum ~ Hamluis.

Edited by edge79, 31 May 2010 - 01:48 PM.



#2 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:18 AM

Posted 03 June 2010 - 05:47 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 edge79
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 04 June 2010 - 09:18 AM

Well got some virus/malware. I don't know which one.
It is redirecting my Yahoo/MSN search.

Computer is slow.

I went through few steps to get rid of it. Disabled System Restore.

1. Malwarebytes --- removed few trojans.
2. VIPRE Anti virus removed few malware.
3. Trend Micro Online Anti-Virus removed few.

But the problem didn't go away.

Then I used COMBOFIX & it went through 50 Stages & now it's a lot better.

LOG from COMBOFIX is in 1st post. Please help me to remove any leftover malware.


Here is Log from OTL

OTL logfile created on: 6/4/2010 9:39:43 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Dell\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 69.90 Gb Free Space | 62.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LATITUDE
Current User Name: Dell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/04 00:56:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/02/21 21:42:26 | 001,291,600 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2010/02/21 21:40:06 | 002,726,000 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2010/02/21 21:39:04 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2009/10/16 08:42:30 | 000,424,688 | ---- | M] (QFX Software Corporation) -- C:\Program Files\KeyScrambler\KeyScrambler.exe
PRC - [2008/07/09 09:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/18 22:08:43 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007/10/08 14:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/10/08 14:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/10/08 14:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/10/08 14:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/10/08 14:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2002/04/11 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001/12/12 23:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe


========== Modules (SafeList) ==========

MOD - [2010/06/04 00:56:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/11/06 17:08:30 | 000,106,496 | ---- | M] (Nektra S.A.) -- C:\Program Files\Sunbelt Software\VIPRE\oehook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (McciCMService)
SRV - File not found [Auto | Stopped] -- -- (0259171269264251mcinstcleanup) McAfee Application Installer Cleanup (0259171269264251)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/02/21 21:40:06 | 002,726,000 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/02/21 21:39:04 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2009/08/20 12:06:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/09 09:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/02/18 22:08:43 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/11/09 00:50:10 | 001,552,384 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/10/08 14:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/10/08 14:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/10/08 14:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/09/13 16:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 19:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 19:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/05/14 16:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Disabled | Stopped] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2007/01/25 13:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2006/12/19 16:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/04/11 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/02/21 20:30:04 | 000,085,080 | ---- | M] (Sunbelt Software, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2010/01/05 04:40:38 | 000,069,720 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/01/05 04:40:38 | 000,013,400 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2009/10/16 08:33:08 | 000,114,928 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/10/14 03:39:40 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/01/24 01:36:20 | 000,103,424 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcserxp.sys -- (qcserxp)
DRV - [2009/01/24 01:36:20 | 000,103,424 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcmdmxp.sys -- (qcmdmxp)
DRV - [2008/10/09 10:21:04 | 000,202,928 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2008/07/09 09:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 03:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/02/18 22:08:43 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2007/12/02 20:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 20:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 20:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/12/02 20:06:06 | 000,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/11/28 18:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/09/10 11:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 11:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 11:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/08/06 20:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/05/31 17:50:20 | 006,727,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/26 16:29:30 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007/04/26 16:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/04/26 16:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/04/26 16:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/26 16:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2007/04/26 16:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/26 16:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/04/26 16:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/04/15 23:49:08 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/18 17:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/01/25 13:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/12/19 16:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/29 01:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/11/02 14:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 13:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 13:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/03/28 10:54:00 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\filedisk.sys -- (FileDisk)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 06:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 06:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 06:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 06:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 06:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 06:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 06:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 06:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 06:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 06:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 06:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 06:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 06:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 06:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 06:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.yahoo.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080212
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080212
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2180042305-3667777505-781362544-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2180042305-3667777505-781362544-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2180042305-3667777505-781362544-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/06/03 18:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dell\Application Data\Mozilla\Extensions
[2009/06/03 18:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dell\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/05/30 19:24:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2180042305-3667777505-781362544-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O4 - HKLM..\Run: [\\INTEL\EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\S-1-5-21-2180042305-3667777505-781362544-1005..\Run: [\\INTEL\EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2180042305-3667777505-781362544-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2180042305-3667777505-781362544-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2180042305-3667777505-781362544-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2180042305-3667777505-781362544-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-2180042305-3667777505-781362544-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2180042305-3667777505-781362544-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2180042305-3667777505-781362544-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\KeyScrambler: DllName - KeyScramblerLogon.dll - C:\WINDOWS\System32\KeyScramblerLogon.dll (QFX Software Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: labetify - (C:\WINDOWS\system32\fxscnlpa.dll) - C:\WINDOWS\System32\fxscnlpa.dll File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2180042305-3667777505-781362544-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/06/04 00:56:17 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
[2010/06/03 04:54:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dell\Recent
[2010/05/31 15:02:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/31 06:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/05/31 06:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/30 23:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/30 14:48:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/30 14:36:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/30 14:36:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/30 14:36:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/30 14:36:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/30 14:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/30 14:35:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/05/30 13:48:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/30 13:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/30 13:01:41 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/30 13:01:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/30 13:01:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/30 13:01:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/30 11:55:33 | 004,952,064 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacgui.cpl
[2010/05/30 11:55:33 | 001,601,536 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2010/05/30 11:55:33 | 000,405,504 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2010/05/30 11:55:33 | 000,094,208 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2010/05/30 11:47:39 | 000,270,336 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacapi.dll
[2010/05/30 10:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/29 19:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/29 19:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/05/29 18:21:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/29 12:24:06 | 000,021,361 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\AegisP.sys
[2010/05/29 12:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2010/05/29 12:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2010/05/29 12:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/05/29 12:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Application Data\Intel
[2010/05/29 07:52:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/29 07:51:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/28 20:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/28 20:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/28 20:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\Local Settings\Application Data\Deployment
[2010/05/24 21:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell\My Documents\2010_R_Garros
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/04 09:51:47 | 000,019,762 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/06/04 09:30:10 | 000,271,405 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\sam3.jpg
[2010/06/04 00:58:36 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\rm3qo96e.exe
[2010/06/04 00:56:17 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell\Desktop\OTL.exe
[2010/06/03 13:24:32 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Dell\ntuser.dat
[2010/06/03 09:27:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/03 07:17:18 | 000,447,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/03 07:17:18 | 000,073,818 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/03 07:17:17 | 000,530,354 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/03 07:15:31 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/06/03 07:15:16 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/03 06:26:46 | 000,352,185 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/06/03 06:26:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/03 06:26:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/03 04:54:15 | 003,016,391 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\sam2.jpg
[2010/06/03 04:52:48 | 000,568,746 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\sam.jpg
[2010/06/01 12:43:25 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/01 12:43:25 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/01 12:43:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/01 12:27:46 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/30 20:51:45 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dell\ntuser.ini
[2010/05/30 19:24:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/30 12:03:54 | 002,096,656 | -H-- | M] () -- C:\Documents and Settings\Dell\Local Settings\Application Data\IconCache.db
[2010/05/30 10:29:10 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\HiJackThis.lnk
[2010/05/30 00:48:55 | 000,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\AegisP.sys
[2010/05/30 00:48:55 | 000,010,640 | ---- | M] () -- C:\WINDOWS\AegisP.cat
[2010/05/29 19:25:50 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Dell\Desktop\SpywareBlaster.lnk
[2010/05/29 19:11:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/29 17:41:04 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/05/29 12:48:21 | 000,000,568 | ---- | M] () -- C:\WINDOWS\SysMech6.INI
[2010/05/29 07:57:14 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/29 07:52:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 20:04:53 | 008,351,465 | ---- | M] () -- C:\Documents and Settings\Dell\My Documents\R171789.exe
[2010/05/28 19:11:09 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/27 09:56:43 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit_.INI
[2010/05/24 21:20:22 | 000,622,875 | ---- | M] () -- C:\Documents and Settings\Dell\My Documents\2010_R_Garros.jpg
[2010/05/21 11:01:02 | 000,013,211 | ---- | M] () -- C:\Documents and Settings\Dell\My Documents\Dear.docx
[2010/05/20 18:20:16 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2010/05/19 00:49:55 | 000,019,762 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/06 19:33:42 | 000,011,068 | ---- | M] () -- C:\Documents and Settings\Dell\My Documents\Projection(1).xlsx
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/04 09:30:09 | 000,271,405 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\sam3.jpg
[2010/06/04 00:58:25 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\rm3qo96e.exe
[2010/06/03 04:54:14 | 003,016,391 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\sam2.jpg
[2010/06/03 04:52:47 | 000,568,746 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\sam.jpg
[2010/05/30 14:49:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/30 14:48:59 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/30 14:36:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/30 14:36:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/30 14:36:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/30 14:36:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/30 14:36:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/30 10:29:10 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\HiJackThis.lnk
[2010/05/29 19:25:50 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Dell\Desktop\SpywareBlaster.lnk
[2010/05/29 12:24:06 | 000,010,640 | ---- | C] () -- C:\WINDOWS\AegisP.cat
[2010/05/29 07:52:04 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 20:04:18 | 008,351,465 | ---- | C] () -- C:\Documents and Settings\Dell\My Documents\R171789.exe
[2010/05/27 09:56:43 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2010/05/24 21:20:21 | 000,622,875 | ---- | C] () -- C:\Documents and Settings\Dell\My Documents\2010_R_Garros.jpg
[2010/05/21 09:22:39 | 000,013,211 | ---- | C] () -- C:\Documents and Settings\Dell\My Documents\Dear.docx
[2010/05/06 19:33:41 | 000,011,068 | ---- | C] () -- C:\Documents and Settings\Dell\My Documents\Projection(1).xlsx
[2010/03/16 18:39:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/02/13 16:07:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2009/08/15 10:33:42 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\ap_i2p.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/16 12:17:15 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/20 15:36:56 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/27 19:18:00 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/09/07 11:39:55 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008/05/14 00:34:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/05/13 15:22:11 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/05/13 15:22:11 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/05/13 15:05:10 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008/05/13 15:05:07 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/05/13 15:05:07 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/03/03 01:15:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/22 01:51:12 | 000,000,568 | ---- | C] () -- C:\WINDOWS\SysMech6.INI
[2008/02/18 22:36:34 | 001,212,928 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2008/02/12 05:52:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/12 05:49:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/02/12 05:49:01 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/12 05:49:01 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/12 05:38:00 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/02/12 05:35:25 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/02/12 05:35:25 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/02/12 05:07:36 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/02/12 05:07:36 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/02/12 05:07:36 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/02/12 05:07:35 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/02/12 05:06:04 | 000,001,028 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/11/29 18:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/11/29 18:28:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/11/29 18:28:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/11/28 17:52:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/09/13 16:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 16:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 16:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 16:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 16:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 16:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 16:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 16:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 16:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 17:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 17:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 17:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 17:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 17:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 17:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 17:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 17:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 17:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 17:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 11:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/08/03 09:59:24 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\CWCCtrl.dll
[2007/06/15 12:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/01/25 13:31:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/14 13:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/08/02 13:27:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\NdWebAudioSender.dll
[2006/08/02 13:27:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\NdWebAudioSrc.dll
[2006/08/02 13:27:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\NdWebMultySrc3.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2006/06/02 18:15:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll
[2006/05/24 13:37:27 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2006/02/24 04:41:59 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/02/24 04:41:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/02/23 12:36:20 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2006/02/23 12:36:20 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll
[2006/02/23 12:36:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\LMOggMux.dll
[2006/01/20 18:53:00 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\ndmpeg4v.dll
[2005/09/02 16:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 23:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/04 06:00:00 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/07/20 19:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 16:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000011.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


Extras Log

OTL Extras logfile created on: 6/4/2010 9:39:43 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Dell\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 69.90 Gb Free Space | 62.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LATITUDE
Current User Name: Dell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2180042305-3667777505-781362544-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Zone Labs, LLC)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04FE7534-D1E2-45D2-A07C-AFB3D980F9C5}" = VZAccess Manager
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 20
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{4EF35707-7052-4331-B8FD-549DB3922AD7}" = TMPGEnc DVD Author 3 with DivX Authoring
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65AB08A4-56A4-4362-A9E7-F0A8D8901F80}" = WModem Driver Installer
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{692854CC-97EF-4307-B787-8C6787B91033}" = Nero 7 Ultra Edition
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{841D4524-7950-4A4F-A4E6-931A1A2E201C}" = TMPGEnc 4.0 XPress
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{93699C3E-005E-4294-87CA-F5B7DE2CD687}" = SnagIt 8
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}" = Garmin City Navigator North America NT 2010.40
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AAB8D9DC-27E5-4C1B-A746-3B874B488D77}" = WModem_Installer
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.02.10
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}" = Garmin MapSource
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4CAD46-3F3F-4248-B0F2-6B0FAFBE40B1}_is1" = WMPCDText 1.0
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0A3275D-F67F-4C6B-AE4A-753170C2EAC8}" = Garmin MapInstall
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide® Viewer ActiveX Control Release 6.5
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E66803D6-028C-452E-9A25-53BC64589FBE}" = VIPRE Antivirus
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autobahn" = MLB.TV NexDef Plug-in
"BitTornado" = BitTornado 0.3.7
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"GoldWave v5.13" = GoldWave v5.13
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Image To PDF_is1" = Image To PDF v3.3.0
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"KeyScrambler" = KeyScrambler
"LimeWire" = LimeWire PRO 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Wizard 2008_is1" = PC Wizard 2008.1.83
"PowerISO" = PowerISO
"ProInst" = Intel® PROSet/Wireless Software
"Replay Converter 3" = Replay Converter 3
"SearchAssist" = SearchAssist
"SopCast" = SopCast 3.0.3
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SubtitleWorkshop" = Subtitle Workshop 2.51
"System Mechanic Professional 6_is1" = iolo technologies' System Mechanic Professional 6
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.9.1
"Veetle TV" = Veetle TV 0.9.16
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = HTC Touch Pro
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm Pro" = ZoneAlarm Pro

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2180042305-3667777505-781362544-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2010 4:09:01 AM | Computer Name = LATITUDE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/9/2010 4:09:01 AM | Computer Name = LATITUDE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/9/2010 6:08:46 AM | Computer Name = LATITUDE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/9/2010 6:08:46 AM | Computer Name = LATITUDE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/9/2010 6:08:46 AM | Computer Name = LATITUDE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/9/2010 6:08:46 AM | Computer Name = LATITUDE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/9/2010 3:09:08 PM | Computer Name = LATITUDE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/9/2010 3:09:08 PM | Computer Name = LATITUDE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/10/2010 11:25:19 PM | Computer Name = LATITUDE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 1/12/2010 9:26:29 AM | Computer Name = LATITUDE | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

[ System Events ]
Error - 6/1/2010 12:23:17 PM | Computer Name = LATITUDE | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%2

Error - 6/1/2010 7:34:22 PM | Computer Name = LATITUDE | Source = Service Control Manager | ID = 7000
Description = The McciCMService service failed to start due to the following error:
%%3

Error - 6/1/2010 7:34:22 PM | Computer Name = LATITUDE | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%2

Error - 6/1/2010 7:40:45 PM | Computer Name = LATITUDE | Source = Service Control Manager | ID = 7000
Description = The McciCMService service failed to start due to the following error:
%%3

Error - 6/1/2010 7:40:45 PM | Computer Name = LATITUDE | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%2

Error - 6/2/2010 12:30:24 AM | Computer Name = LATITUDE | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{07C3FF9B-FE93-4F4E-A2AF-064C33CAED5D}. The
backup browser is stopping.

Error - 6/2/2010 11:50:24 PM | Computer Name = LATITUDE | Source = Dhcp | ID = 1008
Description = Your computer was unable to initialize a Network Interface attached
to
the system. The error code is: %%31.

Error - 6/2/2010 11:50:31 PM | Computer Name = LATITUDE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 001DE0739787 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/2/2010 11:51:03 PM | Computer Name = LATITUDE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the RasMan service.

Error - 6/3/2010 3:03:52 PM | Computer Name = LATITUDE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >

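The "Last 10 Event Log Errors" section in the OTL log above carries more signal than it looks. The recurring crypt32 event 131080 means the automatic update of the third-party root certificate list from download.windowsupdate.com is failing, something to rule out as DNS or proxy interference while a search redirect is still under investigation. The Service Control Manager 7000 entries show a McAfee service still registered but failing with %%2, the Win32 code for ERROR_FILE_NOT_FOUND, which reads as a service entry that outlived the product's files (VIPRE, not McAfee, is in the uninstall list). The script below is an added example written for this page, not OTL's code and not something anyone in the thread posted: it parses the OTL record format into structured events, flags a small watchlist of (source, id) pairs, decodes the %%N placeholders, and counts repeats. The watchlist notes, the function names and SAMPLE_LOG (abridged copies of the entries above) are this example's own assumptions.

```python
"""Triage an OTL 'Last 10 Event Log Errors' section (added example, not OTL's own code)."""
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass

SECTION_RE = re.compile(r"^\[ (\w+) Events \]$")
HEADER_RE = re.compile(r"^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>.+?) \| "
                       r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
SERVICE_RE = re.compile(r"^The (.+?) service failed to start")
WIN32_RE = re.compile(r"%%(\d+)")
# Win32 error codes behind the %%N placeholders the Service Control Manager leaves unexpanded.
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 31: "ERROR_GEN_FAILURE"}
# (source, id) pairs worth a second look during a redirect-malware cleanup. The ids are the ones
# OTL printed above; the notes are this example's reading of them (assumption), not log text.
WATCHLIST = {
    ("crypt32", 131080): "authroot (third-party root list) auto-update failing: confirm "
                         "download.windowsupdate.com resolves and is reachable without a redirect",
    ("Service Control Manager", 7000): "service will not start: a missing security-product "
                                       "binary points at a half-removed or tampered install",
}

@dataclass
class EventError:
    channel: str      # "Application" or "System"
    when: str
    host: str
    source: str
    event_id: int
    description: str  # continuation lines joined with single spaces

@dataclass
class Finding:
    event: EventError
    note: str
    service: str | None     # service named in an SCM message, if any
    win32_code: int | None  # decoded %%N placeholder, if any

def parse_otl_event_errors(text: str) -> list[EventError]:
    """Records are blank-line separated: header line, then 'Description = ...' over 1..n lines;
    a '[ X Events ]' banner sits directly above the first record of each channel."""
    events: list[EventError] = []
    channel = ""
    for block in re.split(r"\n\s*\n", text):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if lines and (sec := SECTION_RE.match(lines[0])):
            channel, lines = sec.group(1), lines[1:]
        if not lines or not (hdr := HEADER_RE.match(lines[0])):
            continue  # report banner, '< End of report >' and other non-record blocks
        body = [ln[len("Description ="):].strip() if ln.startswith("Description =") else ln
                for ln in lines[1:]]
        events.append(EventError(channel, hdr["when"], hdr["host"], hdr["source"],
                                 int(hdr["id"]), " ".join(b for b in body if b)))
    return events

def triage(events: list[EventError]) -> list[Finding]:
    """Keep watchlisted events, pulling out the failing service and any Win32 code."""
    out: list[Finding] = []
    for ev in events:
        note = WATCHLIST.get((ev.source, ev.event_id))
        if note is None:
            continue
        svc, code = SERVICE_RE.match(ev.description), WIN32_RE.search(ev.description)
        out.append(Finding(ev, note, svc.group(1) if svc else None,
                           int(code.group(1)) if code else None))
    return out

def repeats(events: list[EventError]) -> Counter:
    """Occurrences per (source, id): the same failure recurring is a standing condition, not noise."""
    return Counter((ev.source, ev.event_id) for ev in events)

# Constructed sample: records copied from the log above, abridged.
SAMPLE_LOG = """\
[ Application Events ]
Error - 1/9/2010 4:09:01 AM | Computer Name = LATITUDE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/12/2010 9:26:29 AM | Computer Name = LATITUDE | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

[ System Events ]
Error - 6/1/2010 12:23:17 PM | Computer Name = LATITUDE | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%2

Error - 6/1/2010 7:34:22 PM | Computer Name = LATITUDE | Source = Service Control Manager | ID = 7000
Description = The McciCMService service failed to start due to the following error:
%%3

< End of report >
"""

if __name__ == "__main__":
    for f in triage(parse_otl_event_errors(SAMPLE_LOG)):
        tag = f" {f.service}" if f.service else ""
        tag += f" -> {WIN32_NAMES.get(f.win32_code, 'unknown')}" if f.win32_code is not None else ""
        print(f"{f.event.channel}/{f.event.source}/{f.event.event_id}{tag}: {f.note}")
```

Run it against a full OTL log by replacing SAMPLE_LOG with the file contents; the empty Broadcom description and the multi-line SCM messages are the two shapes that trip up naive line-by-line grepping, and both are handled by splitting on blank lines first.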

#4 edge79
Posted 04 June 2010 - 10:36 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-04 10:52:19
Windows 5.1.2600 Service Pack 3
Running: rm3qo96e.exe; Driver: C:\DOCUME~1\Dell\LOCALS~1\Temp\ffryapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xB5DB0040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xB5DAC930]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xBA5FC4D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xB5DB0510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xB5DB6870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xB5DB6AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xB5DB9FD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xB5DB0600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xB5DACF20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xB5DB86E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xB5DB8440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xB5DB6580]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Legacy Host Intrusion Prevention System Driver/Sunbelt Software, Inc.) ZwLoadDriver [0xB2FB8E5C]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xB5DB88B0]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Legacy Host Intrusion Prevention System Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0xB2FB8FA2]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xB5DACD70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xB5DB6350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xB5DB6150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xB5DB9250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xB5DB8CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xB5DAFC00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xB5DB9080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xB5DB0220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xB5DAD120]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xBA5FC520]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xB5DB6CD0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C88 80504524 12 Bytes [10, 05, DB, B5, 70, 68, DB, ...]
? srescan.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8365380, 0x2F2807, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 00130F54
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 00130FE0
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00130D24
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00130DB0
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\KeyScrambler\keyscrambler.exe[180] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[268] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[268] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\brsvc01a.exe[392] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00A7106C
.text C:\WINDOWS\system32\brsvc01a.exe[392] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00A71184
.text C:\WINDOWS\system32\brsvc01a.exe[392] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A710F8
.text C:\WINDOWS\system32\brsvc01a.exe[392] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A701A8
.text C:\WINDOWS\system32\brsvc01a.exe[392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A70090
.text C:\WINDOWS\system32\brsvc01a.exe[392] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00A70694
.text C:\WINDOWS\system32\brsvc01a.exe[392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A702C0
.text C:\WINDOWS\system32\brsvc01a.exe[392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A70234
.text C:\WINDOWS\system32\brsvc01a.exe[392] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00A70004
.text C:\WINDOWS\system32\brsvc01a.exe[392] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 00A7011C
.text C:\WINDOWS\system32\brsvc01a.exe[392] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00A704F0
.text C:\WINDOWS\system32\brsvc01a.exe[392] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 00A7057C
.text C:\WINDOWS\system32\brsvc01a.exe[392] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00A703D8
.text C:\WINDOWS\system32\brsvc01a.exe[392] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 00A7034C
.text C:\WINDOWS\system32\brsvc01a.exe[392] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A70464
.text C:\WINDOWS\system32\brsvc01a.exe[392] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00A70608
.text C:\WINDOWS\system32\brsvc01a.exe[392] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A707AC
.text C:\WINDOWS\system32\brsvc01a.exe[392] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A70720
.text C:\WINDOWS\system32\spoolsv.exe[408] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0165106C
.text C:\WINDOWS\system32\spoolsv.exe[408] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01651184
.text C:\WINDOWS\system32\spoolsv.exe[408] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 016510F8
.text C:\WINDOWS\system32\spoolsv.exe[408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 016501A8
.text C:\WINDOWS\system32\spoolsv.exe[408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01650090
.text C:\WINDOWS\system32\spoolsv.exe[408] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 01650694
.text C:\WINDOWS\system32\spoolsv.exe[408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 016502C0
.text C:\WINDOWS\system32\spoolsv.exe[408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01650234
.text C:\WINDOWS\system32\spoolsv.exe[408] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 01650004
.text C:\WINDOWS\system32\spoolsv.exe[408] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0165011C
.text C:\WINDOWS\system32\spoolsv.exe[408] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 016504F0
.text C:\WINDOWS\system32\spoolsv.exe[408] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0165057C
.text C:\WINDOWS\system32\spoolsv.exe[408] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 016503D8
.text C:\WINDOWS\system32\spoolsv.exe[408] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0165034C
.text C:\WINDOWS\system32\spoolsv.exe[408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01650464
.text C:\WINDOWS\system32\spoolsv.exe[408] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 01650608
.text C:\WINDOWS\system32\spoolsv.exe[408] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 016507AC
.text C:\WINDOWS\system32\spoolsv.exe[408] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01650720
.text C:\WINDOWS\system32\spoolsv.exe[408] WS2_32.dll!socket 71AB4211 5 Bytes JMP 016508C4
.text C:\WINDOWS\system32\spoolsv.exe[408] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01650838
.text C:\WINDOWS\system32\spoolsv.exe[408] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01650950
.text C:\WINDOWS\system32\brss01a.exe[412] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 008E106C
.text C:\WINDOWS\system32\brss01a.exe[412] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 008E1184
.text C:\WINDOWS\system32\brss01a.exe[412] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008E10F8
.text C:\WINDOWS\system32\brss01a.exe[412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008E01A8
.text C:\WINDOWS\system32\brss01a.exe[412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008E0090
.text C:\WINDOWS\system32\brss01a.exe[412] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 008E0694
.text C:\WINDOWS\system32\brss01a.exe[412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008E02C0
.text C:\WINDOWS\system32\brss01a.exe[412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008E0234
.text C:\WINDOWS\system32\brss01a.exe[412] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 008E0004
.text C:\WINDOWS\system32\brss01a.exe[412] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 008E011C
.text C:\WINDOWS\system32\brss01a.exe[412] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 008E04F0
.text C:\WINDOWS\system32\brss01a.exe[412] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 008E057C
.text C:\WINDOWS\system32\brss01a.exe[412] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 008E03D8
.text C:\WINDOWS\system32\brss01a.exe[412] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 008E034C
.text C:\WINDOWS\system32\brss01a.exe[412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008E0464
.text C:\WINDOWS\system32\brss01a.exe[412] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 008E0608
.text C:\WINDOWS\system32\brss01a.exe[412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 008E07AC
.text C:\WINDOWS\system32\brss01a.exe[412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 008E0720
.text C:\WINDOWS\System32\SCardSvr.exe[496] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 006F106C
.text C:\WINDOWS\System32\SCardSvr.exe[496] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 006F1184
.text C:\WINDOWS\System32\SCardSvr.exe[496] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006F10F8
.text C:\WINDOWS\System32\SCardSvr.exe[496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006F01A8
.text C:\WINDOWS\System32\SCardSvr.exe[496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006F0090
.text C:\WINDOWS\System32\SCardSvr.exe[496] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 006F0694
.text C:\WINDOWS\System32\SCardSvr.exe[496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006F02C0
.text C:\WINDOWS\System32\SCardSvr.exe[496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006F0234
.text C:\WINDOWS\System32\SCardSvr.exe[496] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 006F0004
.text C:\WINDOWS\System32\SCardSvr.exe[496] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 006F011C
.text C:\WINDOWS\System32\SCardSvr.exe[496] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 006F04F0
.text C:\WINDOWS\System32\SCardSvr.exe[496] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 006F057C
.text C:\WINDOWS\System32\SCardSvr.exe[496] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 006F03D8
.text C:\WINDOWS\System32\SCardSvr.exe[496] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 006F034C
.text C:\WINDOWS\System32\SCardSvr.exe[496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006F0464
.text C:\WINDOWS\System32\SCardSvr.exe[496] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 006F0608
.text C:\WINDOWS\System32\SCardSvr.exe[496] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006F07AC
.text C:\WINDOWS\System32\SCardSvr.exe[496] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006F0720
.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0090106C
.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00901184
.text C:\WINDOWS\system32\svchost.exe[548] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009010F8
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009001A8
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00900090
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00900694
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009002C0
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00900234
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00900004
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0090011C
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 009004F0
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0090057C
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 009003D8
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0090034C
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00900464
.text C:\WINDOWS\system32\svchost.exe[548] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00900608
.text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009007AC
.text C:\WINDOWS\system32\svchost.exe[548] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00900720
.text C:\WINDOWS\system32\svchost.exe[548] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 00900F54
.text C:\WINDOWS\system32\svchost.exe[548] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 00900FE0
.text C:\WINDOWS\system32\svchost.exe[548] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900D24
.text C:\WINDOWS\system32\svchost.exe[548] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900DB0
.text C:\WINDOWS\system32\svchost.exe[548] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900E3C
.text C:\WINDOWS\system32\svchost.exe[548] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00900EC8
.text C:\WINDOWS\system32\svchost.exe[548] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009008C4
.text C:\WINDOWS\system32\svchost.exe[548] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00900838
.text C:\WINDOWS\system32\svchost.exe[548] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00900950
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0077106C
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00771184
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007710F8
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007701A8
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00770090
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00770694
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007702C0
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00770234
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00770004
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0077011C
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 007704F0
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0077057C
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 007703D8
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0077034C
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00770464
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00770608
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007707AC
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00770720
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007708C4
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00770838
.text C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe[588] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00770950
.text C:\WINDOWS\system32\bgsvcgen.exe[600] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00D2106C
.text C:\WINDOWS\system32\bgsvcgen.exe[600] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00D21184
.text C:\WINDOWS\system32\bgsvcgen.exe[600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D210F8
.text C:\WINDOWS\system32\bgsvcgen.exe[600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D201A8
.text C:\WINDOWS\system32\bgsvcgen.exe[600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D20090
.text C:\WINDOWS\system32\bgsvcgen.exe[600] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00D20694
.text C:\WINDOWS\system32\bgsvcgen.exe[600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D202C0
.text C:\WINDOWS\system32\bgsvcgen.exe[600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D20234
.text C:\WINDOWS\system32\bgsvcgen.exe[600] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00D20004
.text C:\WINDOWS\system32\bgsvcgen.exe[600] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 00D2011C
.text C:\WINDOWS\system32\bgsvcgen.exe[600] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00D204F0
.text C:\WINDOWS\system32\bgsvcgen.exe[600] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 00D2057C
.text C:\WINDOWS\system32\bgsvcgen.exe[600] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00D203D8
.text C:\WINDOWS\system32\bgsvcgen.exe[600] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 00D2034C
.text C:\WINDOWS\system32\bgsvcgen.exe[600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D20464
.text C:\WINDOWS\system32\bgsvcgen.exe[600] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00D20608
.text C:\WINDOWS\system32\bgsvcgen.exe[600] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D207AC
.text C:\WINDOWS\system32\bgsvcgen.exe[600] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00D20720
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 06AE106C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 06AE1184
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 06AE10F8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 06AE01A8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 06AE0090
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 06AE0694
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 06AE02C0
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 06AE0234
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 06AE0004
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 06AE011C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 06AE04F0
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 06AE057C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 06AE03D8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 06AE034C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 06AE0464
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 06AE0608
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 06AE07AC
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 06AE0720
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] WS2_32.dll!socket 71AB4211 5 Bytes JMP 06AE08C4
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] WS2_32.dll!bind 71AB4480 5 Bytes JMP 06AE0838
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[644] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 06AE0950
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0104106C
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01041184
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 010410F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010401A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01040090
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 01040694
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010402C0
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01040234
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 01040004
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0104011C
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 010404F0
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0104057C
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 010403D8
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0104034C
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01040464
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 01040608
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] WS2_32.dll!socket 71AB4211 5 Bytes JMP 010408C4
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01040838
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01040950
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 010407AC
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01040720
.text C:\WINDOWS\system32\dllhost.exe[736] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\dllhost.exe[736] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\dllhost.exe[736] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\dllhost.exe[736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\dllhost.exe[736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\dllhost.exe[736] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\dllhost.exe[736] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\dllhost.exe[736] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\dllhost.exe[736] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\dllhost.exe[736] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\dllhost.exe[736] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\dllhost.exe[736] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\dllhost.exe[736] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\dllhost.exe[736] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\dllhost.exe[736] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\dllhost.exe[736] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\dllhost.exe[736] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\dllhost.exe[736] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 001307AC
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00130720
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001308C4
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00130838
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[796] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\smss.exe[932] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0030106C
.text C:\WINDOWS\System32\smss.exe[932] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00301184
.text C:\WINDOWS\System32\smss.exe[932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003010F8
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0134106C
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01341184
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 013410F8
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 013401A8
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01340090
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 01340694
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013402C0
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01340234
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 01340004
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0134011C
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 013404F0
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0134057C
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 013403D8
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0134034C
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01340464
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 01340608
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 013407AC
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01340720
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] WS2_32.dll!socket 71AB4211 5 Bytes JMP 013408C4
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01340838
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[952] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01340950
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!socket 71AB4211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0100106C
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01001184
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 010010F8
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010001A8
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01000090
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 01000694
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 010002C0
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01000234
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 01000004
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0100011C
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 010004F0
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0100057C
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 010003D8
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0100034C
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 01000464
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 01000608
.text C:\WINDOWS\system32\csrss.exe[1000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 010007AC
.text C:\WINDOWS\system32\csrss.exe[1000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01000720
.text C:\WINDOWS\system32\winlogon.exe[1032] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0123106C
.text C:\WINDOWS\system32\winlogon.exe[1032] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01231184
.text C:\WINDOWS\system32\winlogon.exe[1032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 012310F8
.text C:\WINDOWS\system32\winlogon.exe[1032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 012301A8
.text C:\WINDOWS\system32\winlogon.exe[1032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01230090
.text C:\WINDOWS\system32\winlogon.exe[1032] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 01230694
.text C:\WINDOWS\system32\winlogon.exe[1032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012302C0
.text C:\WINDOWS\system32\winlogon.exe[1032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01230234
.text C:\WINDOWS\system32\winlogon.exe[1032] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 01230004
.text C:\WINDOWS\system32\winlogon.exe[1032] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0123011C
.text C:\WINDOWS\system32\winlogon.exe[1032] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 012304F0
.text C:\WINDOWS\system32\winlogon.exe[1032] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0123057C
.text C:\WINDOWS\system32\winlogon.exe[1032] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 012303D8
.text C:\WINDOWS\system32\winlogon.exe[1032] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0123034C
.text C:\WINDOWS\system32\winlogon.exe[1032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01230464
.text C:\WINDOWS\system32\winlogon.exe[1032] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 01230608
.text C:\WINDOWS\system32\winlogon.exe[1032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 012307AC
.text C:\WINDOWS\system32\winlogon.exe[1032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01230720
.text C:\WINDOWS\system32\winlogon.exe[1032] WS2_32.dll!socket 71AB4211 5 Bytes JMP 012308C4
.text C:\WINDOWS\system32\winlogon.exe[1032] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01230838
.text C:\WINDOWS\system32\winlogon.exe[1032] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01230950
.text C:\WINDOWS\system32\services.exe[1076] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00FB106C
.text C:\WINDOWS\system32\services.exe[1076] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00FB1184
.text C:\WINDOWS\system32\services.exe[1076] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FB10F8
.text C:\WINDOWS\system32\services.exe[1076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FB01A8
.text C:\WINDOWS\system32\services.exe[1076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FB0090
.text C:\WINDOWS\system32\services.exe[1076] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00FB0694
.text C:\WINDOWS\system32\services.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FB02C0
.text C:\WINDOWS\system32\services.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FB0234
.text C:\WINDOWS\system32\services.exe[1076] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00FB0004
.text C:\WINDOWS\system32\services.exe[1076] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 00FB011C
.text C:\WINDOWS\system32\services.exe[1076] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00FB04F0
.text C:\WINDOWS\system32\services.exe[1076] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 00FB057C
.text C:\WINDOWS\system32\services.exe[1076] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00FB03D8
.text C:\WINDOWS\system32\services.exe[1076] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 00FB034C
.text C:\WINDOWS\system32\services.exe[1076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FB0464
.text C:\WINDOWS\system32\services.exe[1076] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00FB0608
.text C:\WINDOWS\system32\services.exe[1076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00FB07AC
.text C:\WINDOWS\system32\services.exe[1076] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00FB0720
.text C:\WINDOWS\system32\services.exe[1076] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FB08C4
.text C:\WINDOWS\system32\services.exe[1076] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00FB0838
.text C:\WINDOWS\system32\services.exe[1076] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00FB0950
.text C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00C6106C
.text C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00C61184
.text C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C610F8
.text C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C601A8
.text C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60090
.text C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00C60694
.text C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C602C0
.text C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C60234
.text C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00C60004
.text C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 00C6011C
.text C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00C604F0
.text C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 00C6057C
.text C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00C603D8
.text C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 00C6034C
.text C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C60464
.text C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00C60608
.text C:\WINDOWS\system32\lsass.exe[1088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C607AC
.text C:\WINDOWS\system32\lsass.exe[1088] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00C60720
.text C:\WINDOWS\system32\lsass.exe[1088] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C608C4
.text C:\WINDOWS\system32\lsass.exe[1088] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00C60838
.text C:\WINDOWS\system32\lsass.exe[1088] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00C60950
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00AA106C
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00AA1184
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AA10F8
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AA01A8
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AA0090
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00AA0694
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AA02C0
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AA0234
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00AA0004
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 00AA011C
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00AA04F0
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 00AA057C
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00AA03D8
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 00AA034C
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AA0464
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00AA0608
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AA07AC
.text C:\WINDOWS\system32\svchost.exe[1276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AA0720
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AA08C4
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00AA0838
.text C:\WINDOWS\system32\svchost.exe[1276] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00AA0950
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00BB106C
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00BB1184
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BB10F8
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB01A8
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0090
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00BB0694
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB02C0
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0234
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00BB0004
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 00BB011C
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 00BB04F0
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 00BB057C
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00BB03D8
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 00BB034C
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB0464
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00BB0608
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BB07AC
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00BB0720
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB08C4
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00BB0838
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BB0950
.text C:\WINDOWS\System32\svchost.exe[1384] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0177106C
.text C:\WINDOWS\System32\svchost.exe[1384] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01771184
.text C:\WINDOWS\System32\svchost.exe[1384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 017710F8
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 017701A8
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01770090
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 01770694
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017702C0
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01770234
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 01770004
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0177011C
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 017704F0
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0177057C
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 017703D8
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0177034C
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01770464
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 01770608
.text C:\WINDOWS\System32\svchost.exe[1384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 017707AC
.text C:\WINDOWS\System32\svchost.exe[1384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01770720
.text C:\WINDOWS\System32\svchost.exe[1384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 017708C4
.text C:\WINDOWS\System32\svchost.exe[1384] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01770838
.text C:\WINDOWS\System32\svchost.exe[1384] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01770950
.text C:\WINDOWS\System32\svchost.exe[1384] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 01770F54
.text C:\WINDOWS\System32\svchost.exe[1384] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 01770FE0
.text C:\WINDOWS\System32\svchost.exe[1384] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01770D24
.text C:\WINDOWS\System32\svchost.exe[1384] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01770DB0
.text C:\WINDOWS\System32\svchost.exe[1384] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01770E3C
.text C:\WINDOWS\System32\svchost.exe[1384] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01770EC8
.text C:\WINDOWS\system32\nvsvc32.exe[1404] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 007D106C
.text C:\WINDOWS\system32\nvsvc32.exe[1404] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 007D1184
.text C:\WINDOWS\system32\nvsvc32.exe[1404] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007D10F8
.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007D01A8
.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007D0090
.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 007D0694
.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D02C0
.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007D0234
.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 007D0004
.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 007D011C
.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 007D04F0
.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 007D057C
.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 007D03D8
.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 007D034C
.text C:\WINDOWS\system32\nvsvc32.exe[1404] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007D0464

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B5DB5320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B5DB51C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \FileSystem\Fastfat \Fat 95B67D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----
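The IAT section above looks alarming until the hooks are grouped by the module that owns them: every NDIS import hook resolves to vsdatant.sys, the TrueVector driver of the ZoneAlarm firewall listed in the ComboFix header. The parser below is an added example, not part of this thread or of GMER, that does that grouping over a constructed sample in the same log format and lists the owners GMER could not attribute to a vendor; the unknown1.sys line in the sample is invented to show what such an entry looks like.

```python
import re
from collections import defaultdict

# Constructed sample in the GMER 1.0.15 log format (modelled on the thread's
# "Kernel IAT/EAT" and "Devices" sections; the unknown1.sys line is invented
# to show what an unattributed hook owner looks like).
SAMPLE_LOG = r"""---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B5DB51C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B5DB5320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B5DB4CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B5DB4CA0] \SystemRoot\System32\unknown1.sys

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \FileSystem\Fastfat \Fat 95B67D20
"""

# IAT <victim driver>[<import>] [<hook address>] <owner module> (<description/vendor>)?
IAT_RE = re.compile(
    r"^IAT (?P<victim>[^\[\s]+)\[(?P<import>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] "
    r"(?P<owner>\S+)(?: \((?P<vendor>.*)\))?$")
# Device|AttachedDevice <driver object> <device object> <owner module or bare address> (<vendor>)?
DEV_RE = re.compile(
    r"^(?:Attached)?Device (?P<driver>\S+) (?P<device>\S+) (?P<owner>\S+)(?: \((?P<vendor>.*)\))?$")


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def summarize_hooks(log_text):
    """Group every IAT/Device hook by the module GMER names as the hook owner.

    Returns {owner: {"vendor": str or None, "hooks": [what was hooked, ...]}}.
    A long list of NDIS hooks collapses to a single owner this way, which is
    what tells a reviewer whether they all belong to one known driver."""
    summary = defaultdict(lambda: {"vendor": None, "hooks": []})
    for line in log_text.splitlines():
        m = IAT_RE.match(line)
        if m:
            entry = summary[_basename(m["owner"])]
            entry["vendor"] = entry["vendor"] or m["vendor"]
            entry["hooks"].append(f"{_basename(m['victim'])}:{m['import']}")
            continue
        m = DEV_RE.match(line)
        if m:
            entry = summary[_basename(m["owner"])]
            entry["vendor"] = entry["vendor"] or m["vendor"]
            entry["hooks"].append(f"{m['driver']} {m['device']}")
    return dict(summary)


def unattributed_owners(summary):
    """Owners GMER tied to no vendor string (or only to a bare address):
    the entries a reviewer checks first; a known firewall driver is not one."""
    return sorted(owner for owner, e in summary.items() if e["vendor"] is None)
```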


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 04 June 2010 - 03:17 PM

Hi there,

Combofix removed a nasty rootkit. Please consider this first:

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


P2P WARNING
-------------------
Going over your logs I noticed that you have LimeWire installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the log when done.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 edge79

edge79
  • Topic Starter

  • Members
  • 5 posts

Posted 04 June 2010 - 11:54 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4169

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/4/2010 8:40:55 PM
mbam-log-2010-06-04 (20-40-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 224630
Time elapsed: 2 hour(s), 10 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)



#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 05 June 2010 - 04:00 AM

Hi, do you have any problems left?

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise



#8 edge79

edge79
  • Topic Starter

  • Members
  • 5 posts

Posted 08 June 2010 - 11:36 PM

Should I also use the cleaning process on the ESET scan?

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 09 June 2010 - 04:46 AM

You mean the option to uninstall the online scanner applet after finishing? Yes you can do that, it doesn't really matter though, since you can always uninstall it later using Add/Remove programs as well.

regards, Elise



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 15 June 2010 - 06:08 AM

Hello, are you still there?

regards, Elise



#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • Gender:Female
  • Location:Romania

Posted 25 June 2010 - 09:01 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise
