
Virtumonde and sdbot.avx? Spybot on start up. Blue screen x2 with gmer scan


  • This topic is locked
15 replies to this topic

#1 Konjo

  • Members
  • 6 posts

Posted 23 June 2010 - 11:28 AM

Hello! I hope someone can help.

Sequence of events: I did a routine Spybot scan, it came up with Virtumonde.sdn, I tried to fix it but Spybot said I didn't have administrator rights, so I started Spybot in admin mode. Scanned once again. Found Virtumonde.sdn again and this time seemed to fix successfully. Closed down computer. Then when booted up again the computer went straight to a Spybot scan and the scan ran on and on and on... After a couple of hours I tried to cancel it, but it did not respond. Was able to cancel through Ctrl/Alt/Delete.

Went on the Spybot forum and read about Virtumonde, and then came to Bleeping Computer. When trying to follow the instructions to turn off Spybot TeaTimer, as I read I should do so before running any removal tools, I saw in the Spybot startup list a reference to the sdbot.avx worm attached to Java. So I thought I should register with Bleeping Computer to see if you guys could help and see exactly what I do have on my computer.

Followed the instructions in the preparation guide, but when running the GMER application my computer crashed and I got a blue screen telling me that a serious error had been made and the computer had to shut down. On rebooting I got the message 'Windows has recovered from an unexpected shutdown'. I was going to post the problem details, but before I did I decided to try the GMER scan again and the same thing happened: blue screen, serious error because something had been deleted. I copied the Windows problem details from the unexpected shutdown; they are as follows:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: f4
BCP1: 00000003
BCP2: 879D5478
BCP3: 879D55C4
BCP4: 8226A710
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini062310-02.dmp
C:\Users\Wendy\AppData\Local\Temp\WER-63414-0.sysdata.xml
C:\Users\Wendy\AppData\Local\Temp\WER3AED.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409

Now, here follows the dds.txt report:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Wendy at 19:55:05.60 on 23/06/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2938.1273 [GMT 5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\lxcjcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\igfxext.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\sony\VAIO Media plus\VMpTtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Wendy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.club-vaio.com
uDefault_Page_URL = hxxp://www.club-vaio.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SNYK_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mDefault_Page_URL = hxxp://www.club-vaio.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [VMpTtray.exe] c:\program files\sony\vaio media plus\VMpTtray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
mRun: [lxcjmon.exe] "c:\program files\lexmark 8300 series\lxcjmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 8300 series\ezprint.exe"
mRun: [Skytel] Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\wendy\appdata\roaming\mozilla\firefox\profiles\yblzsi8g.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\wendy\appdata\roaming\mozilla\firefox\profiles\yblzsi8g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\wendy\appdata\roaming\mozilla\firefox\profiles\yblzsi8g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-13 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-23 28552]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-11-28 214664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-28 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-11-28 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-11-28 144704]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-11-28 303104]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-10-22 104992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-23 1153368]
R2 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-11-28 103712]
R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-11-28 353568]
R2 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-11-28 62752]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2008-11-28 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-10-23 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-9-12 446464]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-11-28 337184]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-11-28 17920]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-1 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-28 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-28 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-28 40552]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-10-22 9344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-23 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-23 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-28 34248]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-11-28 83232]

=============== Created Last 30 ================

2010-06-13 06:33:40 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-12 05:52:18 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-12 05:52:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-12 05:52:14 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-12 05:52:06 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-12 05:52:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-12 05:51:51 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-05-30 04:52:28 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 14:33:30 347483 ----a-w- c:\users\wendy\PJ Orderform.pdf

==================== Find3M ====================

2010-05-21 09:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-23 12:31:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-12 12:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-12-07 18:03:14 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-07 18:03:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-07 18:03:14 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-07 18:03:14 143360 ----a-w- c:\windows\inf\infstrng.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:56:50.42 ===============

Many thanks in advance for your assistance. I am very worried that I can't get my computer functioning properly again and that my data is somehow being hacked!

I look forward to hearing from you - Konjo


#2 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 28 June 2010 - 03:48 PM


Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 Konjo

  • Topic Starter
  • Members
  • 6 posts

Posted 04 July 2010 - 02:59 AM

Many thanks for your reply. Unfortunately I am away from my computer until 20 July. I hope we can keep this thread open until I am able to get back and respond? Many thanks once again.

#4 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 04 July 2010 - 11:57 AM

Hi-

I will keep it open. When you are ready, post a reply.
Shannon

#5 Konjo

  • Topic Starter
  • Members
  • 6 posts

Posted 24 July 2010 - 04:59 AM

Many thanks for keeping the post open. The description of my problem is in the first message. I have pasted a new DDS report below. This time when I tried to do a GMER scan, just opening the file caused my computer to go to a blue screen, do a memory dump and restart itself. I look forward to your advice. Many thanks once again - Konjo


DDS (Ver_10-03-17.01) - NTFSx86
Run by Wendy at 14:49:33.55 on 24/07/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2938.1263 [GMT 5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\lxcjcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\sony\Marketing Tools\MarketingTools.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\sony\VAIO Media plus\VMpTtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Wendy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.club-vaio.com
uDefault_Page_URL = hxxp://www.club-vaio.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SNYK_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mDefault_Page_URL = hxxp://www.club-vaio.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [VMpTtray.exe] c:\program files\sony\vaio media plus\VMpTtray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
mRun: [lxcjmon.exe] "c:\program files\lexmark 8300 series\lxcjmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 8300 series\ezprint.exe"
mRun: [Skytel] Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\wendy\appdata\roaming\mozilla\firefox\profiles\yblzsi8g.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\wendy\appdata\roaming\mozilla\firefox\profiles\yblzsi8g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\wendy\appdata\roaming\mozilla\firefox\profiles\yblzsi8g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-13 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-23 28552]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-11-28 214664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-28 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-11-28 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-11-28 144704]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-11-28 303104]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-10-22 104992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-23 1153368]
R2 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-11-28 103712]
R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-11-28 353568]
R2 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-11-28 62752]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2008-11-28 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-10-23 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-9-12 446464]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-11-28 337184]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-11-28 17920]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-28 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-28 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-28 34248]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-10-22 9344]
S2 0009231279963260mcinstcleanup;McAfee Application Installer Cleanup (0009231279963260);c:\windows\temp\000923~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\000923~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-23 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-23 30192]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-28 40552]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-11-28 83232]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-1 606736]

=============== Created Last 30 ================

2010-06-24 18:30:07 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 18:30:07 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 18:30:07 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 18:30:07 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 18:30:07 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 18:26:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-24 18:26:44 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2010-07-15 10:18:22 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-13 06:30:33 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 09:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 19:15:20 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2009-12-07 18:03:14 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-07 18:03:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-07 18:03:14 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-07 18:03:14 143360 ----a-w- c:\windows\inf\infstrng.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:50:09.79 ===============


#6 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:24 PM

Posted 24 July 2010 - 07:04 AM

Welcome back. Let's see if we can find you some help.
Shannon

#7 Shannon2012

Posted 01 August 2010 - 09:07 AM

Hi, Konjo-

Welcome to Bleeping Computer.

I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

There may be a delay in my response to your posts as I am still currently in training. I will be helping you with supervision of the teachers and they will approve every post before I present it to you.

Please don't make any further changes or run any other tools unless instructed to. Additional changes may hinder the cleaning of your machine.

When asked to copy logs or reports into your reply, please copy them directly into your reply. Do not include them in quotes. Do not attach them unless asked to do so. In Notepad, please turn off Word Wrap under the Format menu.

Please Track this topic - On the top right of this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Please give me some time to look over your log. I will post the reply as soon as possible.

Shannon

#8 Shannon2012

Posted 02 August 2010 - 02:18 PM

Hi-

Sorry for the delay. I would like to run a couple of additional system scans and to try to run GMER again with some different options.

First, please download Malwarebytes' Anti-Malware (MBAM) from HERE.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Note: If you are unable to get MBAM to run, download one of the following Rkill programs to your desktop, run it, and then try MBAM again. If you are unable to run the Rkill you downloaded, download another one, and try it.
Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 or 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next, we need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Under the Custom Scan box paste in the contents of the CODE box.
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
  • Push the button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Now, let's run GMER from wherever you installed it earlier, but this time we will disable one of the normal options (see below in green).
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • On the menu on the right side of the window, uncheck the Devices by clicking on it.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
If you are still unable to run GMER, in the instructions above replace the green line with the following purple line and try again.
  • On the menu on the right side of the window, uncheck all except Sections by clicking on them. Sections will be the only one checked.

In your reply, please copy in the MBAM, OTL(2) and GMER reports.

Thanks,
Shannon

#9 Konjo

Posted 03 August 2010 - 09:46 AM

Dear Shannon - many thanks for your reply. Please find the requested scan reports pasted below. I look forward to your response. Best - Konjo.

MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4383

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

03/08/2010 09:30:41
mbam-log-2010-08-03 (09-30-41).txt

Scan type: Full scan (C:\|)
Objects scanned: 261741
Time elapsed: 1 hour(s), 47 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL Report 1


OTL logfile created on: 03/08/2010 09:34:27 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Wendy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 136.32 Gb Free Space | 61.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE-PC
Current User Name: Wendy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/03 09:32:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Wendy\Desktop\OTL.exe
PRC - [2010/07/28 07:27:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/04 07:33:10 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/19 10:27:04 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/04/24 11:28:38 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/11 11:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/28 03:00:49 | 000,024,576 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\Marketing Tools\MarketingTools.exe
PRC - [2008/11/25 00:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/25 00:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/06 07:32:28 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe
PRC - [2008/11/06 07:32:28 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/11/06 05:53:56 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\Network Utility\NSUService.exe
PRC - [2008/11/06 05:53:56 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\Network Utility\LANUtil.exe
PRC - [2008/10/24 00:05:30 | 000,095,528 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Media plus\VMpTtray.exe
PRC - [2008/10/21 23:52:38 | 000,353,568 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Media plus\SOHDms.exe
PRC - [2008/10/21 23:52:38 | 000,062,752 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Media plus\SOHDs.exe
PRC - [2008/10/21 23:52:36 | 000,103,712 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Media plus\SOHCImp.exe
PRC - [2008/10/17 15:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/09/18 23:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/12 08:28:26 | 000,446,464 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/09/08 22:59:54 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/09/08 22:59:52 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/09/05 23:56:58 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Power Management\SPMService.exe
PRC - [2008/09/05 23:54:58 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Power Management\SPMgr.exe
PRC - [2008/08/29 09:21:36 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008/08/22 05:08:02 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/06/12 12:13:24 | 000,337,184 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/04/04 09:32:48 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe
PRC - [2008/01/12 06:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/05/08 18:13:08 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 8300 Series\ezprint.exe
PRC - [2007/05/08 18:09:00 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
PRC - [2007/02/08 07:52:50 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcjcoms.exe
PRC - [2007/01/05 08:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/08/03 09:32:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Wendy\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 11:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 07:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/04 07:33:10 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/25 06:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/24 16:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/03/03 16:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/25 00:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/25 00:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/25 00:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/06 07:32:28 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/11/06 05:53:56 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/10/23 02:55:08 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331)
SRV - [2008/10/21 23:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 23:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 23:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/10/17 15:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/09/18 23:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/12 08:28:26 | 000,446,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/09/08 22:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/09/08 22:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/09/08 22:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/09/05 23:56:58 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/08/02 03:31:00 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/06/12 12:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/06/12 12:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/05/20 14:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 14:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 14:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/01/21 07:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/12 06:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/02/08 07:52:50 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcjcoms.exe -- (lxcj_device)
SRV - [2007/01/05 08:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/06/13 11:30:33 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/10/17 15:50:31 | 002,149,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/07 06:47:20 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/03 05:00:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/08/23 04:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/08/22 05:07:56 | 002,377,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/08/22 05:06:22 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/06/28 05:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/10 05:04:47 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/07 05:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/05/28 05:07:16 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/04/25 03:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/04/22 05:20:41 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/01/25 07:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/25 07:14:16 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/01/25 07:14:12 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/01/25 07:14:12 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/01/21 07:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 07:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 07:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 07:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 07:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 07:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 07:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 07:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 07:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 07:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 07:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 07:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 07:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 07:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 07:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 07:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 07:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 07:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 07:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 07:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 07:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 07:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 07:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 07:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 07:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 07:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/04/18 12:54:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/04/18 09:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/03/10 07:42:50 | 000,181,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/02 14:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 14:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 14:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 14:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 14:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 14:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 14:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 14:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 14:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 14:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 14:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 13:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 13:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 13:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 13:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 13:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 13:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 12:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-935163503-2233931139-875466735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKU\S-1-5-21-935163503-2233931139-875466735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-935163503-2233931139-875466735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-935163503-2233931139-875466735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-935163503-2233931139-875466735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...mp;sourceid=ie7
IE - HKU\S-1-5-21-935163503-2233931139-875466735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-935163503-2233931139-875466735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
IE - HKU\S-1-5-21-935163503-2233931139-875466735-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-935163503-2233931139-875466735-1005\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-935163503-2233931139-875466735-1005\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
IE - HKU\S-1-5-21-935163503-2233931139-875466735-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-935163503-2233931139-875466735-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.18
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:5.0.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/05 08:49:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/24 11:30:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 07:27:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/28 07:27:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/24 11:29:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/03/30 19:36:31 | 000,000,000 | ---D | M] -- C:\Users\Wendy\AppData\Roaming\Mozilla\Extensions
[2010/08/03 07:43:00 | 000,000,000 | ---D | M] -- C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\yblzsi8g.default\extensions
[2010/05/26 06:18:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\yblzsi8g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/07 22:32:54 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\yblzsi8g.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
[2010/04/23 16:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\yblzsi8g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/05/01 10:32:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 10:32:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/28 07:27:29 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/28 07:27:29 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/28 07:27:29 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/28 07:27:30 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 02:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-935163503-2233931139-875466735-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-935163503-2233931139-875466735-1005\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-935163503-2233931139-875466735-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 8300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LXCJCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcjmon.exe] C:\Program Files\Lexmark 8300 Series\lxcjmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-935163503-2233931139-875466735-1005..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-935163503-2233931139-875466735-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-935163503-2233931139-875466735-1005..\Run: [VMpTtray.exe] C:\Program Files\sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKU\S-1-5-21-935163503-2233931139-875466735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-935163503-2233931139-875466735-1005\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 58.65.175.74 203.82.48.4
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Wendy\Pictures\Ethiopia\Konjo\IMG_6373.JPG
O24 - Desktop BackupWallPaper: C:\Users\Wendy\Pictures\Ethiopia\Konjo\IMG_6373.JPG
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 02:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0763259c-ad0c-11de-9bf0-001dbaaec3fb}\Shell - "" = Autorun
O33 - MountPoints2\{0763259c-ad0c-11de-9bf0-001dbaaec3fb}\Shell\Explore\command - "" = System_Volume_Information\_restore{26864C17-18DD-4561-8410}\driver.exe -e
O33 - MountPoints2\{0763259c-ad0c-11de-9bf0-001dbaaec3fb}\Shell\Open\command - "" = System_Volume_Information\_restore{26864C17-18DD-4561-8410}\driver.exe
O33 - MountPoints2\{72778e47-b0a4-11de-bcff-001dbaaec3fb}\Shell - "" = Autorun
O33 - MountPoints2\{72778e47-b0a4-11de-bcff-001dbaaec3fb}\Shell\Explore\command - "" = F:\System_Volume_Information\_restore{26864C17-18DD-4561-8410}\driver.exe -- File not found
O33 - MountPoints2\{72778e47-b0a4-11de-bcff-001dbaaec3fb}\Shell\Open\command - "" = F:\System_Volume_Information\_restore{26864C17-18DD-4561-8410}\driver.exe -- File not found
O33 - MountPoints2\{d787945c-1e0d-11de-8f84-001dbaaec3fb}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\setup.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/08/03 09:32:30 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Wendy\Desktop\OTL.exe
[2010/08/03 07:41:39 | 000,000,000 | ---D | C] -- C:\Users\Wendy\AppData\Roaming\Malwarebytes
[2010/08/03 07:41:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/03 07:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/03 07:41:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/03 07:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/03 07:38:30 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Wendy\Desktop\mbam-setup-1.46.exe
[2009/08/06 19:00:21 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcjhcp.dll
[2009/08/06 19:00:20 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcjserv.dll
[2009/08/06 19:00:20 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcjusb1.dll
[2009/08/06 19:00:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcjpmui.dll
[2009/08/06 19:00:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcjinpa.dll
[2009/08/06 19:00:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcjiesc.dll
[2009/08/06 19:00:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcjprox.dll
[2009/08/06 19:00:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcjpplc.dll
[2009/08/06 19:00:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcjhbn3.dll
[2009/08/06 19:00:19 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcjlmpm.dll
[2009/08/06 19:00:18 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcjcomc.dll
[2009/08/06 19:00:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcjcomm.dll

========== Files - Modified Within 30 Days ==========

[2010/08/03 09:34:32 | 004,194,304 | -HS- | M] () -- C:\Users\Wendy\ntuser.dat
[2010/08/03 09:32:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Wendy\Desktop\OTL.exe
[2010/08/03 09:30:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/03 09:30:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/03 09:27:17 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2010/08/03 09:11:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/03 09:03:57 | 000,044,032 | ---- | M] () -- C:\Users\Wendy\Desktop\11 - Brains.doc
[2010/08/03 08:40:51 | 000,045,056 | ---- | M] () -- C:\Users\Wendy\Desktop\10 - WinQ.doc
[2010/08/03 07:41:25 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/03 07:38:48 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Wendy\Desktop\mbam-setup-1.46.exe
[2010/08/03 07:32:02 | 000,025,017 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/08/03 07:30:47 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/03 07:30:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/03 07:30:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/02 07:10:13 | 000,524,288 | -HS- | M] () -- C:\Users\Wendy\ntuser.dat{a02f6524-828f-11de-862f-001dbaaec3fb}.TMContainer00000000000000000001.regtrans-ms
[2010/08/02 07:10:13 | 000,065,536 | -HS- | M] () -- C:\Users\Wendy\ntuser.dat{a02f6524-828f-11de-862f-001dbaaec3fb}.TM.blf
[2010/08/01 11:02:40 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/07/29 12:30:39 | 000,048,640 | ---- | M] () -- C:\Users\Wendy\Desktop\50 - Leonard Cheshire Disability.doc
[2010/07/29 11:50:15 | 000,035,840 | ---- | M] () -- C:\Users\Wendy\Desktop\TVET I - UNRC.doc
[2010/07/29 11:28:06 | 000,048,128 | ---- | M] () -- C:\Users\Wendy\Desktop\49- W. Wien & Associates.doc
[2010/07/29 10:56:45 | 000,048,640 | ---- | M] () -- C:\Users\Wendy\Desktop\48 - Light for the World.doc
[2010/07/29 10:14:12 | 000,049,152 | ---- | M] () -- C:\Users\Wendy\Desktop\47 - GBTI.doc
[2010/07/28 19:09:39 | 001,721,425 | -H-- | M] () -- C:\Users\Wendy\AppData\Local\IconCache.db
[2010/07/25 15:17:33 | 000,002,651 | ---- | M] () -- C:\Users\Wendy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/07/24 14:52:43 | 243,307,785 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/15 15:18:22 | 000,130,424 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys

========== Files Created - No Company Name ==========

[2010/08/03 08:41:30 | 000,044,032 | ---- | C] () -- C:\Users\Wendy\Desktop\11 - Brains.doc
[2010/08/03 08:10:43 | 000,045,056 | ---- | C] () -- C:\Users\Wendy\Desktop\10 - WinQ.doc
[2010/08/03 07:41:25 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/29 11:50:15 | 000,035,840 | ---- | C] () -- C:\Users\Wendy\Desktop\TVET I - UNRC.doc
[2010/07/29 09:42:36 | 000,048,640 | ---- | C] () -- C:\Users\Wendy\Desktop\50 - Leonard Cheshire Disability.doc
[2010/07/29 09:40:58 | 000,048,128 | ---- | C] () -- C:\Users\Wendy\Desktop\49- W. Wien & Associates.doc
[2010/07/29 09:39:09 | 000,048,640 | ---- | C] () -- C:\Users\Wendy\Desktop\48 - Light for the World.doc
[2010/07/29 07:49:21 | 000,049,152 | ---- | C] () -- C:\Users\Wendy\Desktop\47 - GBTI.doc
[2009/12/07 21:26:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/06 19:00:21 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcjinst.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/11/28 03:09:34 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/10/22 23:39:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2008/10/22 23:38:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/10/22 23:38:29 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/01/22 11:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcjcoin.dll
[2006/11/02 17:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/08/18 08:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcjvs.dll
[2005/08/08 12:01:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcjcnv4.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >


< MD5 for: AGP440.SYS >
[2008/01/21 07:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 07:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 07:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 07:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 07:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 14:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 11:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 11:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 07:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 07:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 07:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 14:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 14:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 14:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/04/22 05:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008/04/22 05:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008/04/22 05:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
[2008/04/22 05:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 07:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 07:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 07:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 14:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 11:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 11:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 07:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 14:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 07:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 07:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 07:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 07:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 11:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 11:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/21 07:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/21 07:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 11:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 11:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >


OTL Report 2 - Extras

OTL Extras logfile created on: 03/08/2010 09:34:27 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Wendy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 136.32 Gb Free Space | 61.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE-PC
Current User Name: Wendy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-935163503-2233931139-875466735-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{093DD133-D6F8-479E-92E7-F9919BDF2E84}" = rport=445 | protocol=6 | dir=out | app=system |
"{0B08676C-94EF-4BAD-A5C3-D90A3F45C7AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{29ABA427-9C37-4243-82A8-6E3C71352483}" = rport=139 | protocol=6 | dir=out | app=system |
"{3ED75172-622C-4AD5-809F-D1C9C453FB3D}" = lport=139 | protocol=6 | dir=in | app=system |
"{433B9810-A685-4453-9322-6296D9ACEC28}" = rport=138 | protocol=17 | dir=out | app=system |
"{54B50F8C-123E-469D-854D-71870CCBE3AA}" = lport=138 | protocol=17 | dir=in | app=system |
"{7F7E6773-1C9A-4700-9124-DE8215A0C61C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9AF592AA-299E-421F-9CB1-45DE35761A83}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BB38C9A8-8071-499E-8CB0-8137B23DA28F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C63C9DC7-FF09-412A-AFD6-2806AA8804E1}" = rport=137 | protocol=17 | dir=out | app=system |
"{D864DD8F-1D6F-48B7-BAE5-720282CD8310}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE476D39-2EA1-4318-B861-5333C24A1995}" = lport=137 | protocol=17 | dir=in | app=system |
"{E4C7F307-A7AB-4883-A1E8-2E10A369A224}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{096CCC2E-77BA-4D8A-B128-AAE1492F55E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0BB96C78-D660-4D34-AEE0-32244A05C5AA}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohdms.exe |
"{12117CFC-269F-4BD2-8290-BE91544DE280}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1AFFE73D-50CB-45DC-86DA-C69721F8CF21}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohds.exe |
"{2280EDBA-3B06-45A7-8697-992626D0CBF8}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{27B85B4A-3EEB-4AF1-B1FB-4270268FEAB3}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{319290AE-1F44-43E9-9A3D-B2D1C103F52D}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{3301D3FD-57B8-4360-99F3-1140124F2BD4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcjpswx.exe |
"{474C2C0E-7E8D-4586-87E1-5BAB0C96AC80}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcjpswx.exe |
"{4940C552-2E7D-44C3-A8B0-15C19336CF04}" = protocol=6 | dir=in | app=c:\windows\system32\lxcjcoms.exe |
"{5551C52B-F929-4E49-BCCA-691C970EA308}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{58B512A4-F9FD-4105-A2AA-56E3948B722B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5A442162-98A3-47FB-BADB-E7672A9A45D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{66D3AF0B-89FF-4B3B-BBCD-BD7A2C0F4FA8}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe |
"{80990C53-E0D4-4A10-B5B0-E3367DA7F377}" = protocol=17 | dir=in | app=c:\windows\system32\lxcjcoms.exe |
"{862B292C-4D71-45B2-8398-E9F0A68B42AF}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{8B21E6A5-1583-44BC-8469-604D0E5D54A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B2A787A-FF8B-43FF-B258-0230849A49FA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{98C2DCD4-8831-4A37-8C59-AB338948FEB1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9ABCDFA7-1608-4A1C-BADE-ADABA4CD8A7B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A324CF78-71B3-4120-A0B9-FAFDD6739159}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohdms.exe |
"{A3C45837-9B7F-4930-93CF-E5BFD496F789}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe |
"{B88DA3BB-5616-476C-8D16-9D9FAF131E01}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohcimp.exe |
"{DCE21BF1-BB9D-42E5-97CE-24D0A24AFCBB}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohcimp.exe |
"{E7D07862-A959-4DED-ABC9-15E8D821E295}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohds.exe |
"{EE0A3D40-B2D1-4DB5-904C-81DC5470689E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FA413751-BA57-4088-AAF4-F7789D1C73FB}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{FAAE56E3-0298-4130-AC5A-4D6E728CE5D5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{088C7311-A3BB-43C5-B046-C114D2F9728C}" = VAIO Media plus
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C27866B-00E1-4AFF-A199-C7E978A10FC6}" = HUAWEI Mobile Connect
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6D4673B7-A982-43E5-82E9-13E037681478}" = Click to Disc
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75F52FAC-16CE-4A2A-B89A-9742F39A1864}" = VAIO Movie Story
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F2D688-B8CB-4461-A92D-6B35279DAE8F}" = VAIO Content Folder Watcher
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{A2052C95-48CC-4AC9-A8D4-FCD89DDD8F2C}" = VAIO Content Folder Watcher
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5FBA9C1-21D3-4210-A604-CF9E38238F35}" = VAIO Entertainment Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"dt icon module" =
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"Lexmark 8300 Series" = Lexmark 8300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSC" = McAfee SecurityCenter
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"VAIO Help and Support" =
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"YPOPs_is1" = YPOPs! 0.9.7.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-935163503-2233931139-875466735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/05/2010 10:13:52 | Computer Name = Office-PC | Source = WinMgmt | ID = 10
Description =

Error - 20/05/2010 10:13:59 | Computer Name = Office-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 20/05/2010 22:19:33 | Computer Name = Office-PC | Source = WinMgmt | ID = 10
Description =

Error - 20/05/2010 22:19:43 | Computer Name = Office-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 25/05/2010 10:14:47 | Computer Name = Office-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/05/2010 10:14:56 | Computer Name = Office-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 30/05/2010 00:39:12 | Computer Name = Office-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/05/2010 00:39:21 | Computer Name = Office-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 04/06/2010 23:44:14 | Computer Name = Office-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/06/2010 23:44:32 | Computer Name = Office-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

[ Media Center Events ]
Error - 10/06/2009 02:47:42 | Computer Name = Office-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 17/08/2009 03:56:11 | Computer Name = Office-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 04/07/2009 14:09:07 | Computer Name = Office-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/12/2009 03:56:24 | Computer Name = Office-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29/07/2010 14:12:58 | Computer Name = Office-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 29/07/2010 14:13:16 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 30/07/2010 08:15:39 | Computer Name = Office-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 30/07/2010 08:15:57 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/07/2010 00:35:36 | Computer Name = Office-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 31/07/2010 00:35:54 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/07/2010 09:01:35 | Computer Name = Office-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 31/07/2010 09:01:54 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02/08/2010 22:30:45 | Computer Name = Office-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 02/08/2010 22:31:02 | Computer Name = Office-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


GMER Report


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-03 19:33:08
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Wendy\AppData\Local\Temp\pwryapod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8EDBB79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8EDBB738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8EDBB74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8EDBB7DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8EDBB81F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8EDBB710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8EDBB724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8EDBB7B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8EDBB847]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8EDBB833]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8EDBB78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8EDBB776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8EDBB80B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8EDBB7F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8EDBB7C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8EDBB762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8202D9D2 5 Bytes JMP 8EDBB7CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 821C15B5 5 Bytes JMP 8EDBB823 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 821CBB82 5 Bytes JMP 8EDBB766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 821F2DA3 5 Bytes JMP 8EDBB80F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 822124FA 7 Bytes JMP 8EDBB7E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 822127BD 5 Bytes JMP 8EDBB7F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 82216528 5 Bytes JMP 8EDBB77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8221BF3D 7 Bytes JMP 8EDBB7B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 8221E15A 5 Bytes JMP 8EDBB728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 82222C08 5 Bytes JMP 8EDBB714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 82243E19 5 Bytes JMP 8EDBB7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 82254892 5 Bytes JMP 8EDBB837 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 82255A96 5 Bytes JMP 8EDBB84B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 82293847 5 Bytes JMP 8EDBB73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82293892 7 Bytes JMP 8EDBB750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 8229434F 5 Bytes JMP 8EDBB78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[644] kernel32.dll!LoadLibraryW 75A89362 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[644] kernel32.dll!LoadLibraryA 75A894DC 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\services.exe[728] kernel32.dll!GetStartupInfoW 75A61929 5 Bytes JMP 002100B6
.text C:\Windows\system32\services.exe[728] kernel32.dll!GetStartupInfoA 75A619C9 5 Bytes JMP 00210F70
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreateProcessW 75A61BF3 5 Bytes JMP 002100E2
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreateProcessA 75A61C28 5 Bytes JMP 002100D1
.text C:\Windows\system32\services.exe[728] kernel32.dll!VirtualProtect 75A61DC3 5 Bytes JMP 00210F8B
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreateNamedPipeA 75A62EF5 5 Bytes JMP 00210FCA
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreateNamedPipeW 75A65C0C 5 Bytes JMP 0021001B
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreatePipe 75A88E6E 5 Bytes JMP 00210091
.text C:\Windows\system32\services.exe[728] kernel32.dll!LoadLibraryExW 75A89109 5 Bytes JMP 00210065
.text C:\Windows\system32\services.exe[728] kernel32.dll!LoadLibraryW 75A89362 5 Bytes JMP 0021004A
.text C:\Windows\system32\services.exe[728] kernel32.dll!LoadLibraryExA 75A894B4 5 Bytes JMP 00210FA8
.text C:\Windows\system32\services.exe[728] kernel32.dll!LoadLibraryA 75A894DC 5 Bytes JMP 00210FB9
.text C:\Windows\system32\services.exe[728] kernel32.dll!VirtualProtectEx 75A8DBDA 5 Bytes JMP 00210080
.text C:\Windows\system32\services.exe[728] kernel32.dll!GetProcAddress 75AA903B 5 Bytes JMP 002100F3
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreateFileW 75AAAECB 5 Bytes JMP 00210FE5
.text C:\Windows\system32\services.exe[728] kernel32.dll!CreateFileA 75AACE5F 5 Bytes JMP 0021000A
.text C:\Windows\system32\services.exe[728] kernel32.dll!WinExec 75AF5CF7 5 Bytes JMP 00210F55
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegCreateKeyExA 76B739AB 5 Bytes JMP 0024002C
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegCreateKeyA 76B73BA9 5 Bytes JMP 00240FA5
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegOpenKeyA 76B789C7 5 Bytes JMP 00240000
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegCreateKeyW 76B8391E 5 Bytes JMP 00240F8A
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegCreateKeyExW 76B841F1 5 Bytes JMP 0024003D
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegOpenKeyExA 76B87C42 5 Bytes JMP 00240FCA
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegOpenKeyW 76B8E2B5 5 Bytes JMP 00240FE5
.text C:\Windows\system32\services.exe[728] ADVAPI32.dll!RegOpenKeyExW 76B97BA1 5 Bytes JMP 00240011
.text C:\Windows\system32\services.exe[728] msvcrt.dll!_wsystem 75C67F2F 5 Bytes JMP 0022002C
.text C:\Windows\system32\services.exe[728] msvcrt.dll!system 75C6804B 5 Bytes JMP 00220011
.text C:\Windows\system32\services.exe[728] msvcrt.dll!_creat 75C6BBE1 5 Bytes JMP 00220FB5
.text C:\Windows\system32\services.exe[728] msvcrt.dll!_open 75C6D106 5 Bytes JMP 00220FE3
.text C:\Windows\system32\services.exe[728] msvcrt.dll!_wcreat 75C6D326 5 Bytes JMP 00220000
.text C:\Windows\system32\services.exe[728] msvcrt.dll!_wopen 75C6D501 5 Bytes JMP 00220FC6
.text C:\Windows\system32\services.exe[728] WS2_32.dll!socket 76B236D1 5 Bytes JMP 0023000A
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!GetStartupInfoW 75A61929 5 Bytes JMP 00200083
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!GetStartupInfoA 75A619C9 5 Bytes JMP 00200F3D
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateProcessW 75A61BF3 5 Bytes JMP 00200F0E
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateProcessA 75A61C28 5 Bytes JMP 002000A5
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!VirtualProtect 75A61DC3 5 Bytes JMP 00200F5F
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateNamedPipeA 75A62EF5 5 Bytes JMP 0020000A
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateNamedPipeW 75A65C0C 5 Bytes JMP 00200FC3
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreatePipe 75A88E6E 5 Bytes JMP 00200F4E
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryExW 75A89109 5 Bytes JMP 00200F70
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryW 75A89362 5 Bytes JMP 00200FB2
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryExA 75A894B4 5 Bytes JMP 00200F97
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryA 75A894DC 5 Bytes JMP 0020002F
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!VirtualProtectEx 75A8DBDA 5 Bytes JMP 0020005E
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!GetProcAddress 75AA903B 5 Bytes JMP 00200EFD
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateFileW 75AAAECB 5 Bytes JMP 00200FD4
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateFileA 75AACE5F 5 Bytes JMP 00200FEF
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!WinExec 75AF5CF7 5 Bytes JMP 00200094
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExA 76B739AB 5 Bytes JMP 00860F83
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyA 76B73BA9 5 Bytes JMP 00860FB9
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyA 76B789C7 5 Bytes JMP 00860FEF
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyW 76B8391E 5 Bytes JMP 00860F9E
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExW 76B841F1 5 Bytes JMP 00860040
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExA 76B87C42 5 Bytes JMP 00860FCA
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyW 76B8E2B5 5 Bytes JMP 0086000A
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExW 76B97BA1 5 Bytes JMP 00860025
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_wsystem 75C67F2F 5 Bytes JMP 0021006C
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!system 75C6804B 5 Bytes JMP 00210FD7
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_creat 75C6BBE1 5 Bytes JMP 0021002C
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_open 75C6D106 5 Bytes JMP 00210000
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_wcreat 75C6D326 5 Bytes JMP 00210047
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_wopen 75C6D501 5 Bytes JMP 00210011
.text C:\Windows\system32\lsass.exe[744] WS2_32.dll!socket 76B236D1 5 Bytes JMP 00220000
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetStartupInfoW 75A61929 5 Bytes JMP 001E0F54
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetStartupInfoA 75A619C9 5 Bytes JMP 001E009A
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessW 75A61BF3 5 Bytes JMP 001E0F1E
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessA 75A61C28 5 Bytes JMP 001E0F2F
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!VirtualProtect 75A61DC3 5 Bytes JMP 001E0F9E
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateNamedPipeA 75A62EF5 5 Bytes JMP 001E0014
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateNamedPipeW 75A65C0C 5 Bytes JMP 001E0025
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreatePipe 75A88E6E 5 Bytes JMP 001E0089
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryExW 75A89109 5 Bytes JMP 001E006C
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryW 75A89362 5 Bytes JMP 001E0051
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryExA 75A894B4 5 Bytes JMP 001E0FAF
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryA 75A894DC 5 Bytes JMP 001E0036
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!VirtualProtectEx 75A8DBDA 5 Bytes JMP 001E0F79
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetProcAddress 75AA903B 5 Bytes JMP 001E0F0D
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateFileW 75AAAECB 5 Bytes JMP 001E0FD4
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateFileA 75AACE5F 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!WinExec 75AF5CF7 5 Bytes JMP 001E00B5
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!_wsystem 75C67F2F 5 Bytes JMP 001F0F9A
.text C:\Windows\system32\svchost.exe[960] msvcrt.dll!system 75C6804B 5 Bytes JMP 001F0FAB
.text C:\Windows\system32\DllHost.exe[3004] msvcrt.dll!_wopen 75C6D501 5 Bytes JMP 0009000C
.text C:\Windows\system32\DllHost.exe[3004] ADVAPI32.dll!RegCreateKeyExA 76B739AB 1 Byte [E9]
.text C:\Windows\system32\DllHost.exe[3004] ADVAPI32.dll!RegCreateKeyExA 76B739AB 5 Bytes JMP 000A0FAF
.text C:\Windows\system32\DllHost.exe[3004] ADVAPI32.dll!RegCreateKeyA 76B73BA9 5 Bytes JMP 000A0036
.text C:\Windows\system32\DllHost.exe[3004] ADVAPI32.dll!RegOpenKeyA 76B789C7 5 Bytes JMP 000A0000
.text C:\Windows\system32\DllHost.exe[3004] ADVAPI32.dll!RegCreateKeyW 76B8391E 5 Bytes JMP 000A0051
.text C:\Windows\system32\DllHost.exe[3004] ADVAPI32.dll!RegCreateKeyExW 76B841F1 5 Bytes JMP 000A0076
.text C:\Windows\system32\DllHost.exe[3004] ADVAPI32.dll!RegOpenKeyExA 76B87C42 5 Bytes JMP 000A0FDB
.text C:\Windows\system32\DllHost.exe[3004] ADVAPI32.dll!RegOpenKeyW 76B8E2B5 5 Bytes JMP 000A0011
.text C:\Windows\system32\DllHost.exe[3004] ADVAPI32.dll!RegOpenKeyExW 76B97BA1 5 Bytes JMP 000A0FCA
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!GetStartupInfoW 75A61929 5 Bytes JMP 000500D6
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!GetStartupInfoA 75A619C9 5 Bytes JMP 000500BB
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!CreateProcessW 75A61BF3 5 Bytes JMP 000500F1
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!CreateProcessA 75A61C28 5 Bytes JMP 00050F50
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!VirtualProtect 75A61DC3 5 Bytes JMP 0005007B
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!CreateNamedPipeA 75A62EF5 5 Bytes JMP 00050025
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!CreateNamedPipeW 75A65C0C 5 Bytes JMP 00050FD4
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!CreatePipe 75A88E6E 5 Bytes JMP 00050F86
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!LoadLibraryExW 75A89109 5 Bytes JMP 00050FA1
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!LoadLibraryW 75A89362 5 Bytes JMP 00050FB2
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!LoadLibraryExA 75A894B4 5 Bytes JMP 00050054
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!LoadLibraryA 75A894DC 5 Bytes JMP 00050FC3
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!VirtualProtectEx 75A8DBDA 5 Bytes JMP 00050096
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!GetProcAddress 75AA903B 5 Bytes JMP 0005010C
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!CreateFileW 75AAAECB 5 Bytes JMP 0005000A
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!CreateFileA 75AACE5F 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[3128] kernel32.dll!WinExec 75AF5CF7 5 Bytes JMP 00050F75
.text C:\Windows\System32\svchost.exe[3128] msvcrt.dll!_wsystem 75C67F2F 5 Bytes JMP 00060FB2
.text C:\Windows\System32\svchost.exe[3128] msvcrt.dll!system 75C6804B 5 Bytes JMP 0006003D
.text C:\Windows\System32\svchost.exe[3128] msvcrt.dll!_creat 75C6BBE1 5 Bytes JMP 00060FCD
.text C:\Windows\System32\svchost.exe[3128] msvcrt.dll!_open 75C6D106 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[3128] msvcrt.dll!_wcreat 75C6D326 5 Bytes JMP 00060022
.text C:\Windows\System32\svchost.exe[3128] msvcrt.dll!_wopen 75C6D501 5 Bytes JMP 00060FDE
.text C:\Windows\System32\svchost.exe[3128] ADVAPI32.dll!RegCreateKeyExA 76B739AB 5 Bytes JMP 00070FA8
.text C:\Windows\System32\svchost.exe[3128] ADVAPI32.dll!RegCreateKeyA 76B73BA9 5 Bytes JMP 0007004A
.text C:\Windows\System32\svchost.exe[3128] ADVAPI32.dll!RegOpenKeyA 76B789C7 5 Bytes JMP 00070FEF
.text C:\Windows\System32\svchost.exe[3128] ADVAPI32.dll!RegCreateKeyW 76B8391E 5 Bytes JMP 00070FC3
.text C:\Windows\System32\svchost.exe[3128] ADVAPI32.dll!RegCreateKeyExW 76B841F1 5 Bytes JMP 00070065
.text C:\Windows\System32\svchost.exe[3128] ADVAPI32.dll!RegOpenKeyExA 76B87C42 5 Bytes JMP 0007002F
.text C:\Windows\System32\svchost.exe[3128] ADVAPI32.dll!RegOpenKeyW 76B8E2B5 5 Bytes JMP 0007000A
.text C:\Windows\System32\svchost.exe[3128] ADVAPI32.dll!RegOpenKeyExW 76B97BA1 5 Bytes JMP 00070FDE
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!GetStartupInfoW 75A61929 5 Bytes JMP 00150F4A
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!GetStartupInfoA 75A619C9 5 Bytes JMP 0015009A
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!CreateProcessW 75A61BF3 5 Bytes JMP 00150F25
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!CreateProcessA 75A61C28 5 Bytes JMP 001500BC
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!VirtualProtect 75A61DC3 5 Bytes JMP 00150F83
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!CreateNamedPipeA 75A62EF5 5 Bytes JMP 00150FCA
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!CreateNamedPipeW 75A65C0C 5 Bytes JMP 00150FAF
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!CreatePipe 75A88E6E 5 Bytes JMP 0015007F
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!LoadLibraryExW 75A89109 5 Bytes JMP 00150051
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!LoadLibraryW 75A89362 5 Bytes JMP 00150F9E
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!LoadLibraryExA 75A894B4 5 Bytes JMP 00150040
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!LoadLibraryA 75A894DC 5 Bytes JMP 00150025
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!VirtualProtectEx 75A8DBDA 5 Bytes JMP 0015006E
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!GetProcAddress 75AA903B 5 Bytes JMP 00150F0A
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!CreateFileW 75AAAECB 5 Bytes JMP 00150000
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!CreateFileA 75AACE5F 5 Bytes JMP 00150FE5
.text C:\Windows\system32\DllHost.exe[3612] kernel32.dll!WinExec 75AF5CF7 5 Bytes JMP 001500AB
.text C:\Windows\system32\DllHost.exe[3612] msvcrt.dll!_wsystem 75C67F2F 5 Bytes JMP 001D0FBE
.text C:\Windows\system32\DllHost.exe[3612] msvcrt.dll!system 75C6804B 5 Bytes JMP 001D0049
.text C:\Windows\system32\DllHost.exe[3612] msvcrt.dll!_creat 75C6BBE1 5 Bytes JMP 001D001D
.text C:\Windows\system32\DllHost.exe[3612] msvcrt.dll!_open 75C6D106 5 Bytes JMP 001D0000
.text C:\Windows\system32\DllHost.exe[3612] msvcrt.dll!_wcreat 75C6D326 5 Bytes JMP 001D002E
.text C:\Windows\system32\DllHost.exe[3612] msvcrt.dll!_wopen 75C6D501 5 Bytes JMP 001D0FE3
.text C:\Windows\system32\DllHost.exe[3612] ADVAPI32.dll!RegCreateKeyExA 76B739AB 5 Bytes JMP 001E0F7C
.text C:\Windows\system32\DllHost.exe[3612] ADVAPI32.dll!RegCreateKeyA 76B73BA9 5 Bytes JMP 001E0FA8
.text C:\Windows\system32\DllHost.exe[3612] ADVAPI32.dll!RegOpenKeyA 76B789C7 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\DllHost.exe[3612] ADVAPI32.dll!RegCreateKeyW 76B8391E 5 Bytes JMP 001E0F8D
.text C:\Windows\system32\DllHost.exe[3612] ADVAPI32.dll!RegCreateKeyExW 76B841F1 5 Bytes JMP 001E0F61
.text C:\Windows\system32\DllHost.exe[3612] ADVAPI32.dll!RegOpenKeyExA 76B87C42 5 Bytes JMP 001E0FCD
.text C:\Windows\system32\DllHost.exe[3612] ADVAPI32.dll!RegOpenKeyW 76B8E2B5 5 Bytes JMP 001E0FDE
.text C:\Windows\system32\DllHost.exe[3612] ADVAPI32.dll!RegOpenKeyExW 76B97BA1 5 Bytes JMP 001E0014
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!GetStartupInfoW 75A61929 5 Bytes JMP 02400076
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!GetStartupInfoA 75A619C9 5 Bytes JMP 02400065
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!CreateProcessW 75A61BF3 5 Bytes JMP 02400EE9
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!CreateProcessA 75A61C28 5 Bytes JMP 02400EFA
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!VirtualProtect 75A61DC3 5 Bytes JMP 02400F66
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!CreateNamedPipeA 75A62EF5 5 Bytes JMP 0240001B
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!CreateNamedPipeW 75A65C0C 5 Bytes JMP 02400FC0
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!CreatePipe 75A88E6E 5 Bytes JMP 02400F3A
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!LoadLibraryExW 75A89109 5 Bytes JMP 02400F77
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!LoadLibraryW 75A89362 5 Bytes JMP 02400FA5
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!LoadLibraryExA 75A894B4 5 Bytes JMP 02400F94
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!LoadLibraryA 75A894DC 5 Bytes JMP 0240002C
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!VirtualProtectEx 75A8DBDA 5 Bytes JMP 02400F55
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!GetProcAddress 75AA903B 5 Bytes JMP 02400ED8
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!CreateFileW 75AAAECB 5 Bytes JMP 0240000A
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!CreateFileA 75AACE5F 5 Bytes JMP 02400FE5
.text C:\Windows\Explorer.EXE[4836] kernel32.dll!WinExec 75AF5CF7 5 Bytes JMP 02400F0B
.text C:\Windows\Explorer.EXE[4836] ADVAPI32.dll!RegCreateKeyExA 76B739AB 5 Bytes JMP 03C8006C
.text C:\Windows\Explorer.EXE[4836] ADVAPI32.dll!RegCreateKeyA 76B73BA9 5 Bytes JMP 03C80040
.text C:\Windows\Explorer.EXE[4836] ADVAPI32.dll!RegOpenKeyA 76B789C7 5 Bytes JMP 03C80000
.text C:\Windows\Explorer.EXE[4836] ADVAPI32.dll!RegCreateKeyW 76B8391E 5 Bytes JMP 03C80051
.text C:\Windows\Explorer.EXE[4836] ADVAPI32.dll!RegCreateKeyExW 76B841F1 5 Bytes JMP 03C8007D
.text C:\Windows\Explorer.EXE[4836] ADVAPI32.dll!RegOpenKeyExA 76B87C42 5 Bytes JMP 03C8001B
.text C:\Windows\Explorer.EXE[4836] ADVAPI32.dll!RegOpenKeyW 76B8E2B5 5 Bytes JMP 03C80FE5
.text C:\Windows\Explorer.EXE[4836] ADVAPI32.dll!RegOpenKeyExW 76B97BA1 5 Bytes JMP 03C80FCA
.text C:\Windows\Explorer.EXE[4836] msvcrt.dll!_wsystem 75C67F2F 5 Bytes JMP 03BB0F75
.text C:\Windows\Explorer.EXE[4836] msvcrt.dll!system 75C6804B 5 Bytes JMP 03BB0000
.text C:\Windows\Explorer.EXE[4836] msvcrt.dll!_creat 75C6BBE1 5 Bytes JMP 03BB0FB5
.text C:\Windows\Explorer.EXE[4836] msvcrt.dll!_open 75C6D106 5 Bytes JMP 03BB0FEF
.text C:\Windows\Explorer.EXE[4836] msvcrt.dll!_wcreat 75C6D326 5 Bytes JMP 03BB0F90
.text C:\Windows\Explorer.EXE[4836] msvcrt.dll!_wopen 75C6D501 5 Bytes JMP 03BB0FC6
.text C:\Windows\Explorer.EXE[4836] WS2_32.dll!socket 76B236D1 5 Bytes JMP 03BC0FEF
.text C:\Windows\Explorer.EXE[4836] WININET.dll!InternetOpenA 76FFD47D 5 Bytes JMP 03C90FE5
.text C:\Windows\Explorer.EXE[4836] WININET.dll!InternetOpenW 76FFD7DA 5 Bytes JMP 03C90000
.text C:\Windows\Explorer.EXE[4836] WININET.dll!InternetOpenUrlA 76FFFE4B 5 Bytes JMP 03C90FCA
.text C:\Windows\Explorer.EXE[4836] WININET.dll!InternetOpenUrlW 77049139 5 Bytes JMP 03C90025

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7442A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74408395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7445CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [743FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4836] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@OfflineDetectionPending 1

---- EOF - GMER 1.0.15 ----


#10 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:24 PM

Posted 03 August 2010 - 11:44 AM

Hi-

I am checking the reports that you sent. How is your computer doing? What problems are you having?

Thanks,
Shannon

#11 Konjo

Konjo
  • Topic Starter

  • Members
  • 6 posts
  • Local time:02:24 AM

Posted 03 August 2010 - 09:12 PM

Hi! Well I originally posted on this forum because of the following (I've cut and pasted from my first post)

Sequence of events: I did a routine Spybot scan, it came up with Virtumonde.sdn, I tried to fix it but Spybot said I didn't have administrator rights so started spybot in admin mode. Scanned once again. Found Virtumonde.sdn again and this time seemed to fix successfully. Closed down computer. Then when booted up again the computer went straight to a Spybot scan and the scan ran on and on and on.... after a couple of hours I tried to cancel it, but it did not respond. Was able to cancel through ctr/alt/delete.

Went on spybot forum and read about virtumonde, and then came to bleeping computer. When trying to follow instructions to turn off spybot tea timer as read should do so before running any removal tools, saw in spybot start up list a reference to sdbot.avx worm attached to java. So I thought I should register with Bleeping Computer to see if you guys could help and see exactly what I do have on my computer.

Followed the instructions in the preparation guide but when running the gmer application my computer crashed and I got a blue screen telling me that a serious error had been made and the computer had to shut down. On rebooting I got the message 'Windows has recovered from an unexpected shutdown', I was going to post the problem details but before I did I decided to try the gmer scan again and the same thing happened- blue screen, serious error because something had been deleted.

I am not having problems with my computer as such, although it does run a bit slow, it is more that I am concerned that I have malware on my computer (as spybot says) and want to check whether this is the case or not and if I have I want to remove it safely and correctly.

Many thanks

Konjo

#12 Shannon2012

Posted 05 August 2010 - 10:41 AM

Hi-

From one of the scans it appears that you had another drive on F: - a Western Digital drive? What can you tell me about this drive - what was/is it used for?

Thanks,
Shannon

#13 Konjo

Posted 06 August 2010 - 06:14 AM

Hi - that would be my external hard drive. Mainly used for back-up and for watching downloaded movies / TV series. Thanks.

#14 Shannon2012

Posted 06 August 2010 - 02:07 PM

Hi-

One of the scans indicated that your external hard drive (F:) might have had an infected auto start file. We need to run Flash_Disinfector against it and any USB flash drives that you have.

Flash_Disinfector is a specialized fix tool created by sUBs to remove infections that load an autorun.inf file on removable media. Flash_Disinfector will create a hidden "dummy" autorun folder/file with special permissions in each partition and every external drive that was connected when the tool was run. This folder helps to keep the malicious autorun.inf file from being installed on the root drive and running other malicious files which will infect the computer.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

While we are at it, let's run Malwarebytes' Anti-Malware (MBAM) on the F: drive. Make sure it is attached, and then -
Please run Malwarebytes' Anti-Malware (MBAM)
  • Select "Perform Full Scan", then click Scan.
  • Select the F: drive and click Scan.
  • It will scan critical areas on the C: drive before scanning the F: drive.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
In your reply, please copy in the MBAM report and let me know how the Flash_Disinfector went.

Thanks,
Shannon
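
A read-only check for the condition described in the post above, added here as an example (it is not Flash_Disinfector's code and not part of the thread): it reports whether a drive root has no autorun.inf, a folder of that name (the placeholder), or a real file, and for a real file lists the programs its [autorun] section would launch. The sample file contents, the name placeholder.exe and the state labels are constructed for the illustration.

```python
import os
import tempfile

# Constructed sample (not from the thread); placeholder.exe is a made-up name.
SAMPLE = (
    "; constructed sample\r\n"
    "[AutoRun]\r\n"
    "open=placeholder.exe\r\n"
    "shell\\open\\command=placeholder.exe\r\n"
    "icon=folder.ico\r\n"
)

def decode(data):
    """autorun.inf may be ANSI or UTF-16 with a byte-order mark."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("cp1252", errors="replace")

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_targets(entries):
    """Values of open=, shellexecute= and shell\\<verb>\\command= entries."""
    hits = {
        value for key, value in entries.items()
        if key in ("open", "shellexecute")
        or (key.startswith("shell\\") and key.endswith("\\command"))
    }
    return sorted(hits)

def audit_root(root):
    """Classify whatever is named autorun.inf (any case) at a drive root."""
    names = [n for n in sorted(os.listdir(root)) if n.lower() == "autorun.inf"]
    if not names:
        return {"state": "absent", "targets": []}
    path = os.path.join(root, names[0])
    if os.path.isdir(path):
        # A folder of this name is the kind of placeholder the post describes.
        return {"state": "placeholder-folder", "targets": []}
    with open(path, "rb") as fh:
        targets = launch_targets(parse_autorun(decode(fh.read(65536))))
    state = "file-launches-program" if targets else "file-no-launch-entry"
    return {"state": state, "targets": targets}

def demo():
    """Audit three constructed drive roots built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        roots = {n: os.path.join(tmp, n) for n in ("clean", "immunized", "suspect")}
        for path in roots.values():
            os.mkdir(path)
        os.mkdir(os.path.join(roots["immunized"], "autorun.inf"))
        with open(os.path.join(roots["suspect"], "AUTORUN.INF"), "wb") as fh:
            fh.write(SAMPLE.encode("utf-16"))  # UTF-16 with BOM, upper-case name
        return {name: audit_root(path) for name, path in roots.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

To check a real drive, call audit_root with the drive's root path, for example audit_root("F:\\"); the function only reads and changes nothing on the drive.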

#15 Shannon2012

Posted 11 August 2010 - 08:26 AM

Hi-

Do you still have a problem or should we close this ticket?

Shannon



