
Google redirect virus and possible other unknown


  • This topic is locked
8 replies to this topic

#1 katydragon

katydragon

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:25 AM

Posted 10 July 2010 - 01:06 PM

Hi,

I have a reasonably new laptop, never had any problems with it, I run the latest version of McAfee Total protection and do my updates for that and Windows as I am supposed to. In the last couple of days, though, McAfee has removed two viruses (both Generic Dropper I think) from my computer, and I'm having problems with what I think is a google redirect virus and possibly another nasty that causes a blue screen and crash.

Please bear with me as I am no computer expert at all, I just know enough to get by, so I'm not being deliberately thick. I have done as the preparation guide instructed and have produced the required logs.

I would be very grateful for any advice to get my poor computer back to full health! Thank you very much!

Katy
_____________________


DDS (Ver_10-03-17.01) - NTFSx86
Run by Katy at 17:46:48.33 on 10/07/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.1301 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Katy\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Katy\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Katy\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.club-vaio.com
uDefault_Page_URL = hxxp://www.club-vaio.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.club-vaio.com
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100512222425.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [PanelApp] c:\users\katy\appdata\local\valued opinions\panelapp\PanelApp.exe
uRun: [odcihajv] c:\users\katy\appdata\local\cxuhbpaqk\xtvmvcmtssd.exe
uRun: [Wgecumipober] rundll32.exe "c:\users\katy\appdata\local\mfwrmb.dll",Startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Xqometijok] rundll32.exe "c:\users\katy\appdata\local\uwuyuhaxovabuyud.dll",Startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\katy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\katy\appdata\roaming\mozilla\firefox\profiles\d4e4boty.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://hol.org.uk/|http://thebadgersett.us/forum/index.php?&&&CODE=00|http://katy-l.livejournal.com/|http://katy-halfadragon.blogspot.com/|http://news.bbc.co.uk/|http://www.facebook.com/whatkatydidnext?ref=profile#!/whatkatydidnext?ref=profile|http://forums.confetti.co.uk/?plckForumPage=Forum&plckForumId=Cat%3aWeddingsForum%3a7
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\katy\appdata\local\valued opinions\panelapp\ff\components\FFoxAddinStub.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {4337E97A-BF72-4767-9391-19CA96A668E1} - c:\users\katy\appdata\local\{4337E97A-BF72-4767-9391-19CA96A668E1}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-21 385880]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-4-21 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-4-21 160720]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-5-24 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-5-24 166504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-1 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-21 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-21 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-21 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-21 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-21 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-21 141792]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-8-14 299008]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-5-24 840936]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-9 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-10 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-21 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-21 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-21 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-21 312616]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-21 83496]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-9 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-14 30192]
S3 PanelSvc;PanelSvc;c:\program files\valued opinions\panelapp\PanelSvc.exe [2009-12-30 91136]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-14 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-14 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-14 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-14 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-8-14 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-07-10 16:25:40 0 d-----w- c:\users\katy\HijackThis
2010-07-10 16:24:42 212961 ----a-w- c:\users\katy\HijackThis.rar
2010-07-10 14:02:47 0 d-----w- c:\programdata\WindowsSearch
2010-06-24 02:00:39 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 02:00:39 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 02:00:39 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 02:00:39 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 02:00:39 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 11:55:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 11:55:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-11 13:45:11 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 13:45:08 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 13:45:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 13:45:00 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-11 13:44:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-11 13:44:31 2037248 ----a-w- c:\windows\system32\win32k.sys

==================== Find3M ====================

2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-21 15:04:36 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-21 15:04:36 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-21 15:04:33 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-30 03:09:12 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:50:55.38 ===============


Edited by katydragon, 10 July 2010 - 04:47 PM.
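The entries a log reader checks first in the DDS "Pseudo HJT Report" above are the uRun/mRun autorun values: the ones pointing at files with random-looking names under the user's AppData\Local folder, two of them loaded through rundll32 with a ",Startup" export. The script below is an added example written for this thread, not part of DDS, HijackThis or the forum's own tooling. It parses uRun/mRun lines and applies three simple triage heuristics (image under a user profile, DLL loaded via rundll32 from outside the Windows directory, random-looking name). The sample log is constructed from the lines posted above, and the heuristic rules and thresholds are assumptions chosen for illustration.

```python
import re

# Constructed sample: uRun/mRun lines copied from the DDS report in the post above,
# so the parser can be exercised offline against the same entries a helper reads.
SAMPLE_LOG = r"""
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [PanelApp] c:\users\katy\appdata\local\valued opinions\panelapp\PanelApp.exe
uRun: [odcihajv] c:\users\katy\appdata\local\cxuhbpaqk\xtvmvcmtssd.exe
uRun: [Wgecumipober] rundll32.exe "c:\users\katy\appdata\local\mfwrmb.dll",Startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Xqometijok] rundll32.exe "c:\users\katy\appdata\local\uwuyuhaxovabuyud.dll",Startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
"""

# DDS prefixes HKCU run keys with "u" and HKLM run keys with "m".
RUN_LINE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
# First Windows path (drive letter or %ENV%) ending in a loadable extension.
IMAGE_PATH = re.compile(r"(?i)((?:[a-z]:|%[a-z]+%)\\.*?\.(?:exe|dll|scr|cpl|bat|vbs))")
VOWELS = set("aeiouy")


def parse_run_entries(text):
    """Return (hive, value name, command line) for every uRun/mRun line."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            hive = "HKCU" if m.group("hive") == "u" else "HKLM"
            entries.append((hive, m.group("name"), m.group("cmd")))
    return entries


def image_path(cmd):
    """Lower-cased path of the file the command actually loads, or None."""
    m = IMAGE_PATH.search(cmd)
    return m.group(1).lower() if m else None


def looks_random(token):
    """Heuristic (assumption): letters only, 6+ chars, and some 4-letter
    window with no vowel at all, which real product names rarely have."""
    t = token.lower()
    if not t.isalpha() or len(t) < 6:
        return False
    return any(not (set(t[i:i + 4]) & VOWELS) for i in range(len(t) - 3))


def triage(text):
    """Return the autoruns that deserve a human look, each with its reasons."""
    findings = []
    for hive, name, cmd in parse_run_entries(text):
        path = image_path(cmd)
        reasons = []
        if path and "\\users\\" in path and "\\program files" not in path:
            reasons.append("image lives in a user profile directory")
        if (cmd.lower().startswith("rundll32.exe") and path
                and path.endswith(".dll") and "\\windows\\" not in path):
            reasons.append("DLL loaded through rundll32 from outside the Windows directory")
        basename = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0] if path else ""
        if looks_random(name) or looks_random(basename):
            reasons.append("random-looking value or file name")
        if reasons:
            findings.append({"hive": hive, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']} [{f['name']}] -> {f['path']}")
        for r in f["reasons"]:
            print("    -", r)
```

Run as-is it reports odcihajv, Wgecumipober and Xqometijok with two or three reasons each; PanelApp is also listed, on the profile-path rule alone, which is the intended behaviour: the script ranks entries for review, and a person still decides whether a survey panel app belongs on the machine. The heuristics are deliberately crude; they miss a sample with a plausible name in a plausible folder, and a real triage would compare each image against a known-good file list and its signer.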



#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:03:25 AM

Posted 13 July 2010 - 03:31 AM

Hello, katydragon.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 katydragon

katydragon
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:25 AM

Posted 13 July 2010 - 03:33 PM

Hi, thank you for helping me! Here are the logs. It took a bit of effort to get the Gmer one: it crashed a couple of times and then actually got to the end of the scan, then crashed as soon as the file saved on two occasions, the first of which the file didn't actually seem to save. Is that normal?

Anyway, here goes. I hope I've done it correctly, many apologies if not!

Logfile of random's system information tool 1.08 (written by random/random)
Run by Katy at 2010-07-13 18:34:05
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 156 GB (68%) free of 230 GB
Total RAM: 2938 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:34:27, on 13/07/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\RtkAudioService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Katy\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Katy\Downloads\RSIT.exe
C:\Program Files\trend micro\Katy.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100512222425.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Xqometijok] rundll32.exe "C:\Users\Katy\AppData\Local\uwuyuhaxovabuyud.dll",Startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PanelApp] C:\Users\Katy\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe
O4 - HKCU\..\Run: [odcihajv] C:\Users\Katy\AppData\Local\cxuhbpaqk\xtvmvcmtssd.exe
O4 - HKCU\..\Run: [Wgecumipober] rundll32.exe "C:\Users\Katy\AppData\Local\mfwrmb.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PanelSvc - Unknown owner - C:\Program Files\Valued Opinions\PanelApp\PanelSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14393 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2009-12-21 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-12-15 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100512222425.dll [2010-04-27 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-10 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-20 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-10 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\PROGRA~1\GOOGLE~1\BAE.dll [2006-06-23 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-10 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-07-04 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-07-04 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-07-04 145944]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6295552]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-10 835584]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2008-04-04 317280]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-12 30192]
"MarketingTools"=C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [2008-08-14 24576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-04-01 1180976]
"Xqometijok"=C:\Users\Katy\AppData\Local\uwuyuhaxovabuyud.dll [2009-04-11 185344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"=C:\Program Files\Sony\Network Utility\LANUtil.exe [2008-06-28 262144]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-01 39408]
"PanelApp"=C:\Users\Katy\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe [2009-12-30 31232]
"odcihajv"=C:\Users\Katy\AppData\Local\cxuhbpaqk\xtvmvcmtssd.exe []
"Wgecumipober"=C:\Users\Katy\AppData\Local\mfwrmb.dll [2009-04-11 65536]

C:\Users\Katy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-04 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2008-07-07 98304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-07-13 18:21:31 ----D---- C:\Program Files\trend micro
2010-07-13 18:19:18 ----D---- C:\rsit
2010-07-10 15:02:47 ----D---- C:\ProgramData\WindowsSearch
2010-06-24 03:00:39 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-24 03:00:39 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-24 03:00:39 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-24 03:00:39 ----A---- C:\Windows\system32\mscoree.dll
2010-06-24 03:00:39 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 12:55:24 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-23 12:55:23 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

======List of files/folders modified in the last 1 months======

2010-07-13 18:33:37 ----D---- C:\Windows\Temp
2010-07-13 18:32:53 ----D---- C:\Program Files\Mozilla Thunderbird
2010-07-13 18:32:01 ----SHD---- C:\System Volume Information
2010-07-13 18:31:49 ----D---- C:\Windows\system32\catroot2
2010-07-13 18:21:31 ----RD---- C:\Program Files
2010-07-13 08:05:54 ----D---- C:\Windows\System32
2010-07-13 08:05:54 ----D---- C:\Windows\inf
2010-07-13 08:05:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-13 07:57:32 ----D---- C:\Windows\Minidump
2010-07-13 07:57:25 ----D---- C:\Windows
2010-07-10 18:57:38 ----D---- C:\Windows\system32\spool
2010-07-10 15:02:47 ----HD---- C:\ProgramData
2010-07-10 14:54:46 ----SHD---- C:\Windows\Installer
2010-07-10 14:54:39 ----D---- C:\Program Files\Java
2010-07-10 14:54:39 ----D---- C:\Program Files\Common Files
2010-07-04 13:08:33 ----SD---- C:\Users\Katy\AppData\Roaming\Microsoft
2010-06-27 20:30:36 ----D---- C:\Program Files\Mozilla Firefox
2010-06-26 03:11:33 ----D---- C:\Windows\Microsoft.NET
2010-06-26 03:11:32 ----RSD---- C:\Windows\assembly
2010-06-26 03:01:39 ----D---- C:\Windows\system32\en-US
2010-06-26 03:01:27 ----D---- C:\Program Files\Microsoft.NET
2010-06-24 03:17:44 ----D---- C:\Windows\AppPatch
2010-06-24 03:17:43 ----D---- C:\Windows\ehome
2010-06-24 03:02:06 ----D---- C:\Windows\winsxs
2010-06-24 03:01:42 ----D---- C:\Windows\system32\catroot
2010-06-24 00:05:51 ----D---- C:\Users\Katy\AppData\Roaming\skypePM
2010-06-16 00:24:55 ----D---- C:\Users\Katy\AppData\Roaming\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-04-22 312344]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2010-04-27 385880]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-04-08 44944]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2008-06-28 10216]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
R1 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
R1 RapportKELL;RapportKELL; \??\C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys [2010-05-24 59240]
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [2010-05-24 166504]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-01-25 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2008-06-28 68608]
R2 risdptsk;risdptsk; C:\Windows\system32\DRIVERS\risdptsk.sys [2008-06-21 46592]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-01-25 8192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-06-10 909824]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2010-04-27 55456]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-01-25 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-01-25 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-04 2377216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2149912]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2010-04-27 95568]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2010-04-27 152320]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2010-04-27 51688]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2010-04-27 312616]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-10 181560]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-01-25 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-05-28 310272]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-07-09 3548672]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-06-07 131000]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
R2 McMPFSvc;McAfee Personal Firewall; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-01-05 170144]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 NSUService;NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [2008-06-28 299008]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-05-24 840936]
R2 RtkAudioService;Realtek Audio Service; C:\Windows\RtkAudioService.exe [2008-07-03 104992]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2008-07-07 182112]
R2 VAIO Power Management;VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-06-20 411488]
R2 VCFw;VAIO Content Folder Watcher; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2008-05-22 192512]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-01-25 386560]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2008-06-19 279848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-12 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-26 182768]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-03-10 364216]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2008-05-20 53248]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2008-05-20 53248]
S3 PanelSvc;PanelSvc; C:\Program Files\Valued Opinions\PanelApp\PanelSvc.exe [2009-12-30 91136]
S3 SOHCImp;VAIO Media plus Content Importer; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
S3 SOHDms;VAIO Media plus Digital Media Server; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
S3 SOHDs;VAIO Media plus Device Searcher; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2008-05-20 77824]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [2008-05-22 73728]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.08 2010-07-13 18:34:36

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{3D173DC5-4AE5-4B3F-9819-3977DD11B1D0}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft WebCam Companion 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9973498D-EA29-4A68-BE0B-C88D6E03E928}\Setup.exe" -l0x9
Big Fish Games Game Suite-->"C:\Program Files\Big Fish Games Game Suite\Uninstall.exe"
Browser Address Error Redirector-->regsvr32 /u /s "C:\PROGRA~1\GOOGLE~1\BAE.dll"
Business Contact Manager for Outlook 2007 SP2-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP2-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Click to Disc Editor-->C:\Program Files\InstallShield Installation Information\{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}\setup.exe -runfromtemp -l0x0409
Click to Disc-->C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe -runfromtemp -l0x0009 -removeonly
Coupon Printer-->"C:\Program Files\Coupon Printer\uninstall.exe" "/U:C:\Program Files\Coupon Printer\Uninstall\uninstall.xml"
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\UIU32m.exe -U -ISnSZIRXz.inf
HijackThis 1.99.1-->C:\Users\Katy\HijackThis\HijackThis.exe /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE C:\PROGRA~1\COMMON~1\Risxtd\Install.log
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
McAfee Total Protection-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.0.5)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Music Transfer-->C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x0009 -removeonly
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenMG Secure Module 5.1.00-->C:\Program Files\InstallShield Installation Information\{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}\IS_Setup.exe -l0x0409 /z"UNINSTALL"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Rapport-->msiexec /x{1DD81E7D-0D28-4ceb-87B2-C041A4FCB215} /lvx+ "C:\ProgramData\Trusteer\Rapport\logs\uninstall.log"
Rapport-->MsiExec.exe /X{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Easy Media Creator 10 LJ-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Easy Media Creator Home-->MsiExec.exe /I{FE51662F-D8F6-43B5-99D9-D4894AF00F83}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Setting Utility Series-->"C:\Program Files\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe" -runfromtemp -l0x0009 -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Sony Video Shared Library-->C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb983486)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {913DFE19-32EC-4099-89AC-27FC493A7A2E}
VAIO Content Folder Setting-->"C:\Program Files\InstallShield Installation Information\{23825B69-36DF-4DAD-9CFD-118D11D80F16}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata Intelligent Analyzing Manager-->C:\Program Files\InstallShield Installation Information\{FD72E69E-CF34-4071-BFD6-FD081A365E2C}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata Manager Setting-->C:\Program Files\InstallShield Installation Information\{FE697886-F392-4E0D-A0C0-47587BF60992}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata XML Interface Library-->C:\Program Files\InstallShield Installation Information\{CB8A8696-93EC-414E-A752-850AB133F68A}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Control Center-->"C:\Program Files\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Data Restore Tool-->C:\Program Files\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO DVD Menu Data Basic-->C:\Program Files\InstallShield Installation Information\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Entertainment Platform-->C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Event Service-->"C:\Program Files\InstallShield Installation Information\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Guide -->"C:\Program Files\InstallShield Installation Information\{326DC400-1FC4-4D7D-946D-06D1EAB93200}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Launcher-->"C:\Program Files\InstallShield Installation Information\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Marketing Tools-->C:\Program Files\Sony\Marketing Tools\Uninstaller.exe /bootstrap
VAIO Media plus-->"C:\Program Files\InstallShield Installation Information\{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Movie Story Template Data-->C:\Program Files\InstallShield Installation Information\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Movie Story-->C:\Program Files\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO MusicBox Sample Music-->"C:\Program Files\InstallShield Installation Information\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO MusicBox-->"C:\Program Files\InstallShield Installation Information\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Original Function Setting-->"C:\Program Files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Power Management-->"C:\Program Files\InstallShield Installation Information\{5F5867F0-2D23-4338-A206-01A76C823924}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Presentation Support-->"C:\Program Files\InstallShield Installation Information\{2018C019-30D9-4240-8C01-0865C10DCF5A}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Smart Network-->"C:\Program Files\InstallShield Installation Information\{3B659FAD-E772-44A3-B7E7-560FF084669F}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Update 4-->"C:\Program Files\InstallShield Installation Information\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Wallpaper Contents-->"C:\Program Files\InstallShield Installation Information\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Valued Opinions Application-->MsiExec.exe /I{D5EA1755-1899-4380-A4BA-83840648CBDA}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinDVD for VAIO-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Katy-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948465(Service Pack) into Install Requested(Install Requested) state
Record Number: 77731
Source Name: Microsoft-Windows-Servicing
Time Written: 20091013175513.000000-000
Event Type: Warning
User: Katy-PC\Katy

Computer Name: Katy-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948465(Service Pack) into Install Requested(Install Requested) state
Record Number: 77729
Source Name: Microsoft-Windows-Servicing
Time Written: 20091013175513.000000-000
Event Type: Warning
User: Katy-PC\Katy

Computer Name: Katy-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948465(Service Pack) into Install Requested(Install Requested) state
Record Number: 77727
Source Name: Microsoft-Windows-Servicing
Time Written: 20091013175513.000000-000
Event Type: Warning
User: Katy-PC\Katy

Computer Name: Katy-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948465(Service Pack) into Install Requested(Install Requested) state
Record Number: 77725
Source Name: Microsoft-Windows-Servicing
Time Written: 20091013175513.000000-000
Event Type: Warning
User: Katy-PC\Katy

Computer Name: Katy-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948465(Service Pack) into Install Requested(Install Requested) state
Record Number: 77724
Source Name: Microsoft-Windows-Servicing
Time Written: 20091013175513.000000-000
Event Type: Warning
User: Katy-PC\Katy

=====Application event log=====

Computer Name: Katy-PC
Event Code: 215
Message: WinMail (4920) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
Record Number: 1534
Source Name: ESENT
Time Written: 20081231143951.000000-000
Event Type: Error
User:

Computer Name: Katy-PC
Event Code: 7
Message: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)
Record Number: 1516
Source Name: VzCdbSvc
Time Written: 20081231143506.000000-000
Event Type: Error
User:

Computer Name: Katy-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 1508
Source Name: Microsoft-Windows-WMI
Time Written: 20081231143457.000000-000
Event Type: Error
User:

Computer Name: Katy-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 1495
Source Name: Microsoft-Windows-Search
Time Written: 20081231143448.000000-000
Event Type: Warning
User:

Computer Name: WIN-YLT0683TSH3
Event Code: 7
Message: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)
Record Number: 1461
Source Name: VzCdbSvc
Time Written: 20081231222907.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Katy-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-2284042577-2804138696-1539556034-501
Account Name: Guest
Account Domain: Katy-PC
Logon ID: 0x2bd9517

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 7697
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090815184726.777000-000
Event Type: Audit Success
User:

Computer Name: Katy-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-21-2284042577-2804138696-1539556034-1003
Account Name: Katy
Account Domain: Katy-PC
Logon ID: 0x469e5

Logon Type: 3

New Logon:
Security ID: S-1-5-21-2284042577-2804138696-1539556034-501
Account Name: Guest
Account Domain: Katy-PC
Logon ID: 0x2bd9517
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0xfb4
Process Name: C:\Windows\explorer.exe

Network Information:
Workstation Name: KATY-PC
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 7696
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090815184726.772000-000
Event Type: Audit Success
User:

Computer Name: Katy-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-2284042577-2804138696-1539556034-1003
Account Name: Katy
Account Domain: Katy-PC
Logon ID: 0x469e5
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Guest
Account Domain: Katy-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0xfb4
Process Name: C:\Windows\explorer.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 7695
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090815184726.772000-000
Event Type: Audit Success
User:

Computer Name: Katy-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-2284042577-2804138696-1539556034-501
Account Name: Guest
Account Domain: Katy-PC
Logon ID: 0x2bb6922

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 7694
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090815184705.112000-000
Event Type: Audit Success
User:

Computer Name: Katy-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-21-2284042577-2804138696-1539556034-1003
Account Name: Katy
Account Domain: Katy-PC
Logon ID: 0x469e5

Logon Type: 3

New Logon:
Security ID: S-1-5-21-2284042577-2804138696-1539556034-501
Account Name: Guest
Account Domain: Katy-PC
Logon ID: 0x2bb6922
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0xfb4
Process Name: C:\Windows\explorer.exe

Network Information:
Workstation Name: KATY-PC
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 7693
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090815184705.111000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"configsetroot"=%SystemRoot%\ConfigSetRoot
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"EMC_AUTOPLAY"=C:\Program Files\Common Files\Roxio Shared\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-13 20:23:40
Windows 6.0.6002 Service Pack 2
Running: 6fw5yjjr.exe; Driver: C:\Users\Katy\AppData\Local\Temp\kxldqpob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8EDA6E26]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8EDA7704]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8EDA7864]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8EDAB086]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8EDAB0B8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8EDAB21A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8EDA77C8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x8EDA6F6A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8EDA715C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8EDA728E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8EDAB190]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8EDAB0FA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8EDAB12C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8EDAB15E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8EDA6DCC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8EDA78C4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8EDAB01E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8EDA6D68]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x8EDA6CBC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x8EDA6D04]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x89D4FD88]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x89D4FD9E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x89D4FD74]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8222D9D2 5 Bytes JMP 89D4FD78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!KeSetEvent + 191 822AE8F4 4 Bytes [26, 6E, DA, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1D9 822AE93C 4 Bytes [04, 77, DA, 8E]
.text ntkrnlpa.exe!KeSetEvent + 2D1 822AEA34 8 Bytes [64, 78, DA, 8E, 86, B0, DA, ...]
.text ntkrnlpa.exe!KeSetEvent + 2E1 822AEA44 4 Bytes [B8, B0, DA, 8E]
.text ntkrnlpa.exe!KeSetEvent + 381 822AEAE4 4 Bytes [1A, B2, DA, 8E]
.text ...
PAGE ntkrnlpa.exe!NtMapViewOfSection 824124FA 7 Bytes JMP 89D4FD8C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 824127BD 5 Bytes JMP 89D4FDA2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.rsrc C:\Windows\system32\DRIVERS\smb.sys entry point in ".rsrc" section [0x8F191014]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[804] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 00270FEF
.text C:\Windows\system32\services.exe[804] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 00270FC3
.text C:\Windows\system32\services.exe[804] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 00270FDE
.text C:\Windows\system32\services.exe[804] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 0070006C
.text C:\Windows\system32\services.exe[804] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 00700F26
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 007000AC
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 00700091
.text C:\Windows\system32\services.exe[804] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 00700F70
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 00700025
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 00700036
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 00700F41
.text C:\Windows\system32\services.exe[804] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 00700F81
.text C:\Windows\system32\services.exe[804] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 00700FB9
.text C:\Windows\system32\services.exe[804] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 00700F9E
.text C:\Windows\system32\services.exe[804] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 00700FCA
.text C:\Windows\system32\services.exe[804] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 0070005B
.text C:\Windows\system32\services.exe[804] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 00700EFA
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 00700014
.text C:\Windows\system32\services.exe[804] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 00700FEF
.text C:\Windows\system32\services.exe[804] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 00700F15
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 00880F97
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 00880FB2
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 00880FEF
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 00880039
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 00880054
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 00880FD4
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 0088000A
.text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 00880FC3
.text C:\Windows\system32\services.exe[804] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 008E0070
.text C:\Windows\system32\services.exe[804] msvcrt.dll!system 76B6804B 5 Bytes JMP 008E005F
.text C:\Windows\system32\services.exe[804] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 008E0029
.text C:\Windows\system32\services.exe[804] msvcrt.dll!_open 76B6D106 5 Bytes JMP 008E000C
.text C:\Windows\system32\services.exe[804] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 008E0044
.text C:\Windows\system32\services.exe[804] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 008E0FEF
.text C:\Windows\system32\services.exe[804] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 00870FEF
.text C:\Windows\system32\services.exe[804] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 00870FCA
.text C:\Windows\system32\services.exe[804] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 00870000
.text C:\Windows\system32\services.exe[804] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 00870011
.text C:\Windows\system32\services.exe[804] WS2_32.dll!socket 766B36D1 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\lsass.exe[832] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 00190FEF
.text C:\Windows\system32\lsass.exe[832] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 00190FC3
.text C:\Windows\system32\lsass.exe[832] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 00190FD4
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 001B0F57
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 001B0F68
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 001B0F10
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 001B0F2B
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 001B0F97
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 001B002C
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 001B0FDB
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 001B009D
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 001B0071
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 001B0FB9
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 001B0FA8
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 001B0FCA
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 001B008C
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 001B0EF5
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 001B0011
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 001B0000
.text C:\Windows\system32\lsass.exe[832] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 001B0F46
.text C:\Windows\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 00BF0FA5
.text C:\Windows\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 00BF0047
.text C:\Windows\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 00BF0000
.text C:\Windows\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 00BF0FB6
.text C:\Windows\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 00BF0F94
.text C:\Windows\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 00BF0FE5
.text C:\Windows\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 00BF001B
.text C:\Windows\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 00BF002C
.text C:\Windows\system32\lsass.exe[832] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00850FE5
.text C:\Windows\system32\lsass.exe[832] msvcrt.dll!system 76B6804B 5 Bytes JMP 00850066
.text C:\Windows\system32\lsass.exe[832] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00850044
.text C:\Windows\system32\lsass.exe[832] msvcrt.dll!_open 76B6D106 5 Bytes JMP 0085000C
.text C:\Windows\system32\lsass.exe[832] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00850055
.text C:\Windows\system32\lsass.exe[832] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00850029
.text C:\Windows\system32\lsass.exe[832] WS2_32.dll!socket 766B36D1 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\lsass.exe[832] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 00840FEF
.text C:\Windows\system32\lsass.exe[832] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 00840FD4
.text C:\Windows\system32\lsass.exe[832] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 00840000
.text C:\Windows\system32\lsass.exe[832] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 0084001B
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 001F0000
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 001F0025
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 003600AB
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 0036009A
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 003600F2
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 003600D7
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 00360F8A
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 00360FDB
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 00360FCA
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 00360F6F
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 0036006E
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 00360FAF
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 00360051
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 00360036
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 0036007F
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 00360F36
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 0036001B
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 0036000A
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 003600C6
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00380F94
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!system 76B6804B 5 Bytes JMP 00380FAF
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00380FEF
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_open 76B6D106 5 Bytes JMP 0038000C
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00380FCA
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00380029
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 00390091
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 00390076
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 00390000
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 00390FEF
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 003900A2
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 00390036
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 00390025
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 00390051
.text C:\Windows\system32\svchost.exe[1048] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 00370000
.text C:\Windows\system32\svchost.exe[1048] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 00370011
.text C:\Windows\system32\svchost.exe[1048] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 00370FDB
.text C:\Windows\system32\svchost.exe[1048] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 00370FC0
.text C:\Windows\system32\svchost.exe[1048] WS2_32.dll!socket 766B36D1 5 Bytes JMP 00200000
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 00130FE5
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 00130011
.text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 00130000
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 00FB0F61
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 00FB009D
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 00FB0F21
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 00FB00B8
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 00FB0071
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 00FB0011
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 00FB002C
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreatePipe 76708E6E 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 00FB0F72
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 00FB0F97
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 00FB0FB9
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 00FB0FA8
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 00FB0FCA
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 00FB0082
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 00FB00C9
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 00FB0000
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 00FB0FE5
.text C:\Windows\system32\svchost.exe[1112] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 00FB0F3C
.text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 0131007A
.text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!system 76B6804B 5 Bytes JMP 01310055
.text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 0131003A
.text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_open 76B6D106 5 Bytes JMP 01310000
.text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 01310FE5
.text C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 0131001D
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 01360051
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 0136001B
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 01360000
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 01360036
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 0136006C
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 01360FC0
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 01360FDB
.text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 01360FAF
.text C:\Windows\system32\svchost.exe[1112] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 01300FEF
.text C:\Windows\system32\svchost.exe[1112] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 0130000A
.text C:\Windows\system32\svchost.exe[1112] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 01300FD4
.text C:\Windows\system32\svchost.exe[1112] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 01300FB9
.text C:\Windows\system32\svchost.exe[1112] WS2_32.dll!socket 766B36D1 5 Bytes JMP 00F60FEF
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 002A0000
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 002A0FE5
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 002A0011
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 00A600D0
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 00A600B5
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 00A60117
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 00A60106
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 00A60FA5
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 00A6001B
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 00A60036
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 00A6009A
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 00A6007F
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 00A60FC0
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 00A60062
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 00A60051
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 00A60F94
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 00A60F5B
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 00A6000A
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 00A60FEF
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 00A600EB
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00A90055
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!system 76B6804B 5 Bytes JMP 00A90044
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00A90022
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00A90000
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00A90033
.text C:\Windows\system32\svchost.exe[1224] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00A90011
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 00AB0F72
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 00AB0014
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 00AB0FE5
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 00AB0F8D
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 00AB0F57
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 00AB0FC3
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 00AB0FD4
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 00AB0FB2
.text C:\Windows\system32\svchost.exe[1224] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 00A70FEF
.text C:\Windows\system32\svchost.exe[1224] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 00A70FD4
.text C:\Windows\system32\svchost.exe[1224] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 00A7000A
.text C:\Windows\system32\svchost.exe[1224] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 00A70FB9
.text C:\Windows\system32\svchost.exe[1224] WS2_32.dll!socket 766B36D1 5 Bytes JMP 00780000
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1244] ntdll.dll!KiUserApcDispatcher 77D75D18 5 Bytes JMP 00414610 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1244] USER32.dll!InSendMessageEx + 3B1 7658E6B0 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1244] WS2_32.dll!getaddrinfo 766B418A 5 Bytes JMP 71640022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1244] WS2_32.dll!gethostbyname 766C62D4 5 Bytes JMP 71670022
.text C:\Windows\System32\svchost.exe[1332] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 009A0000
.text C:\Windows\System32\svchost.exe[1332] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 009A0022
.text C:\Windows\System32\svchost.exe[1332] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 009A0011
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 01B900A3
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 01B90F5D
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 01B90F3B
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 01B900D2
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 01B90F7F
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 01B90FDE
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 01B90FCD
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 01B9007E
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 01B90F90
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 01B90FA1
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 01B90043
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 01B90FB2
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 01B90F6E
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 01B900E3
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 01B9000A
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 01B90FEF
.text C:\Windows\System32\svchost.exe[1332] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 01B90F4C
.text C:\Windows\System32\svchost.exe[1332] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 01BB0053
.text C:\Windows\System32\svchost.exe[1332] msvcrt.dll!system 76B6804B 5 Bytes JMP 01BB0038
.text C:\Windows\System32\svchost.exe[1332] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 01BB0FD2
.text C:\Windows\System32\svchost.exe[1332] msvcrt.dll!_open 76B6D106 5 Bytes JMP 01BB0000
.text C:\Windows\System32\svchost.exe[1332] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 01BB0027
.text C:\Windows\System32\svchost.exe[1332] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 01BB0FE3
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 02090FCD
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 02090054
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 02090FEF
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 0209006F
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 02090FB2
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 0209001E
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 02090FDE
.text C:\Windows\System32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 02090039
.text C:\Windows\System32\svchost.exe[1332] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 01BA0000
.text C:\Windows\System32\svchost.exe[1332] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 01BA001B
.text C:\Windows\System32\svchost.exe[1332] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 01BA0FDB
.text C:\Windows\System32\svchost.exe[1332] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 01BA0FCA
.text C:\Windows\System32\svchost.exe[1332] WS2_32.dll!socket 766B36D1 5 Bytes JMP 01740000
.text C:\Windows\System32\svchost.exe[1364] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 00A70FEF
.text C:\Windows\System32\svchost.exe[1364] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 00A70025
.text C:\Windows\System32\svchost.exe[1364] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 00A7000A
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 00BA0F7E
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 00BA0F99
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 00BA0F37
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 00BA0F5C
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 00BA00A9
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 00BA0025
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 00BA0036
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 00BA0FB4
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 00BA008E
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 00BA0062
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 00BA007D
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 00BA0047
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 00BA00BA
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 00BA0F26
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 00BA0014
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 00BA0FEF
.text C:\Windows\System32\svchost.exe[1364] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 00BA0F6D
.text C:\Windows\System32\svchost.exe[1364] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00F90FA6
.text C:\Windows\System32\svchost.exe[1364] msvcrt.dll!system 76B6804B 5 Bytes JMP 00F90031
.text C:\Windows\System32\svchost.exe[1364] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00F90FC8
.text C:\Windows\System32\svchost.exe[1364] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00F90000
.text C:\Windows\System32\svchost.exe[1364] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00F90FB7
.text C:\Windows\System32\svchost.exe[1364] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00F90FE3
.text C:\Windows\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 00FE0F86
.text C:\Windows\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 00FE0FA8
.text C:\Windows\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 00FE0FEF
.text C:\Windows\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 00FE0F97
.text C:\Windows\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 00FE0F6B
.text C:\Windows\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 00FE0014
.text C:\Windows\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 00FE0FDE
.text C:\Windows\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 00FE0FC3
.text C:\Windows\System32\svchost.exe[1364] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 00F80FE5
.text C:\Windows\System32\svchost.exe[1364] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 00F80000
.text C:\Windows\System32\svchost.exe[1364] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 00F8001B
.text C:\Windows\System32\svchost.exe[1364] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 00F80040
.text C:\Windows\System32\svchost.exe[1364] WS2_32.dll!socket 766B36D1 5 Bytes JMP 00B90000
.text C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 00B70000
.text C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 00B70FD4
.text C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 00B70FE5
.text C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtWriteVirtualMemory 77D75674 5 Bytes JMP 0013000A
.text C:\Windows\system32\svchost.exe[1388] ntdll.dll!KiUserExceptionDispatcher 77D75DC8 5 Bytes JMP 000D000A
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 00F40F09
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 00F40F1A
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 00F40074
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 00F40EDD
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 00F40F3C
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 00F40FCA
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 00F40FB9
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 00F40F2B
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 00F40F57
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 00F40F83
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 00F40F72
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 00F40FA8
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 00F40031
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 00F40EC2
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 00F40FDB
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 00F40000
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 00F40EEE
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00FA0058
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!system 76B6804B 5 Bytes JMP 00FA0047
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00FA0FCD
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00FA0000
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00FA0022
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00FA0011
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 00FB0062
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 00FB002C
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 00FB0FEF
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 00FB0047
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 00FB0073
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 00FB000A
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 00FB0FD4
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 00FB001B
.text C:\Windows\system32\svchost.exe[1388] ole32.dll!CoCreateInstance 76CA9EA6 5 Bytes JMP 0028000A
.text C:\Windows\system32\svchost.exe[1388] USER32.dll!GetCursorPos 765A0B88 5 Bytes JMP 00AF000A
.text C:\Windows\system32\svchost.exe[1388] WS2_32.dll!socket 766B36D1 5 Bytes JMP 00F3000A
.text C:\Windows\system32\svchost.exe[1388] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 00F9000A
.text C:\Windows\system32\svchost.exe[1388] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 00F90FEF
.text C:\Windows\system32\svchost.exe[1388] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 00F90FD4
.text C:\Windows\system32\svchost.exe[1388] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 00F90FAF
.text C:\Windows\system32\svchost.exe[1596] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 00A40FEF
.text C:\Windows\system32\svchost.exe[1596] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 00A40FD4
.text C:\Windows\system32\svchost.exe[1596] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 00A4000A
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 00A6009A
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 00A60F5E
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 00A60F2F
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 00A600C6
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 00A60F94
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 00A60FE5
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 00A60036
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 00A60F79
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 00A60FAF
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 00A60FC0
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 00A6006C
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 00A60047
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 00A60089
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 00A600E1
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 00A6001B
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 00A6000A
.text C:\Windows\system32\svchost.exe[1596] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 00A600AB
.text C:\Windows\system32\svchost.exe[1596] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00B50049
.text C:\Windows\system32\svchost.exe[1596] msvcrt.dll!system 76B6804B 5 Bytes JMP 00B50038
.text C:\Windows\system32\svchost.exe[1596] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00B5001D
.text C:\Windows\system32\svchost.exe[1596] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00B50FEF
.text C:\Windows\system32\svchost.exe[1596] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00B50FBE
.text C:\Windows\system32\svchost.exe[1596] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00B5000C
.text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 00B60F91
.text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 00B6002C
.text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 00B60FEF
.text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 00B6003D
.text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 00B60F80
.text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 00B6001B
.text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 00B60000
.text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 00B60FCA
.text C:\Windows\system32\svchost.exe[1596] WS2_32.dll!socket 766B36D1 5 Bytes JMP 00A50000
.text C:\Windows\system32\svchost.exe[1596] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 00A70000
.text C:\Windows\system32\svchost.exe[1596] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 00A7001B
.text C:\Windows\system32\svchost.exe[1596] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 00A7002C
.text C:\Windows\system32\svchost.exe[1596] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 00A70047
.text C:\Windows\Explorer.EXE[1892] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 03150FEF
.text C:\Windows\Explorer.EXE[1892] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 03150FDE
.text C:\Windows\Explorer.EXE[1892] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 0315000A
.text C:\Windows\Explorer.EXE[1892] ntdll.dll!NtWriteVirtualMemory 77D75674 5 Bytes JMP 0082000A
.text C:\Windows\Explorer.EXE[1892] ntdll.dll!KiUserExceptionDispatcher 77D75DC8 5 Bytes JMP 0080000A
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 038C0F88
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 038C00CE
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 038C00FA
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 038C0F63
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 038C0098
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 038C0FDE
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 038C002F
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 038C00BD
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 038C0087
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 038C0065
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 038C0076
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 038C004A
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 038C0FAD
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 038C0F48
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 038C0014
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 038C0FEF
.text C:\Windows\Explorer.EXE[1892] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 038C00E9
.text C:\Windows\Explorer.EXE[1892] ADVAPI32.dll!RegCreateKeyExA 77C639AB 1 Byte [E9]
.text C:\Windows\Explorer.EXE[1892] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 03940FAF
.text C:\Windows\Explorer.EXE[1892] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 03940FD1
.text C:\Windows\Explorer.EXE[1892] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 03940000
.text C:\Windows\Explorer.EXE[1892] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 03940FC0
.text C:\Windows\Explorer.EXE[1892] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 03940F9E
.text C:\Windows\Explorer.EXE[1892] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 03940036
.text C:\Windows\Explorer.EXE[1892] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 03940011
.text C:\Windows\Explorer.EXE[1892] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 03940047
.text C:\Windows\Explorer.EXE[1892] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 038E0050
.text C:\Windows\Explorer.EXE[1892] msvcrt.dll!system 76B6804B 5 Bytes JMP 038E003F
.text C:\Windows\Explorer.EXE[1892] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 038E001D
.text C:\Windows\Explorer.EXE[1892] msvcrt.dll!_open 76B6D106 5 Bytes JMP 038E0FE3
.text C:\Windows\Explorer.EXE[1892] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 038E002E
.text C:\Windows\Explorer.EXE[1892] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 038E000C
.text C:\Windows\Explorer.EXE[1892] SHELL32.dll!SHGetFolderPathAndSubDirW + 8189 7709B324 4 Bytes [70, 93, BB, 06]
.text C:\Windows\Explorer.EXE[1892] SHELL32.dll!SHGetFolderPathAndSubDirW + 8249 7709B3E4 4 Bytes [60, 8F, BB, 06]
.text C:\Windows\Explorer.EXE[1892] SHELL32.dll!SHGetFolderPathAndSubDirW + 82C1 7709B45C 4 Bytes [90, 94, BB, 06]
.text C:\Windows\Explorer.EXE[1892] SHELL32.dll!SHGetFolderPathAndSubDirW + 8395 7709B530 4 Bytes [50, 92, BB, 06]
.text C:\Windows\Explorer.EXE[1892] SHELL32.dll!SHCreateDefaultExtractIcon + 1111 770AF5A8 4 Bytes [00, 8F, BB, 06]
.text C:\Windows\Explorer.EXE[1892] WS2_32.dll!socket 766B36D1 5 Bytes JMP 035C0FE5
.text C:\Windows\Explorer.EXE[1892] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 038D0FEF
.text C:\Windows\Explorer.EXE[1892] WININET.dll!InternetOpenW 7684D7DA 1 Byte [E9]
.text C:\Windows\Explorer.EXE[1892] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 038D0FDE
.text C:\Windows\Explorer.EXE[1892] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 038D0FC3
.text C:\Windows\Explorer.EXE[1892] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 038D0FB2
.text C:\Windows\system32\svchost.exe[2020] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 00880FEF
.text C:\Windows\system32\svchost.exe[2020] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 00880FCA
.text C:\Windows\system32\svchost.exe[2020] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 00880000
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 009B0F0B
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 009B0F1C
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 009B0087
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 009B0EFA
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 009B0F66
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 009B0FCA
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 009B0FB9
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 009B0F41
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 009B0040
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 009B0F8D
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 009B002F
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 009B0FA8
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 009B0051
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 009B0ED5
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 009B0000
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 009B0FEF
.text C:\Windows\system32\svchost.exe[2020] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 009B006C
.text C:\Windows\system32\svchost.exe[2020] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 009D0036
.text C:\Windows\system32\svchost.exe[2020] msvcrt.dll!system 76B6804B 5 Bytes JMP 009D0025
.text C:\Windows\system32\svchost.exe[2020] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 009D0FB5
.text C:\Windows\system32\svchost.exe[2020] msvcrt.dll!_open 76B6D106 5 Bytes JMP 009D0FE3
.text C:\Windows\system32\svchost.exe[2020] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 009D000A
.text C:\Windows\system32\svchost.exe[2020] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 009D0FD2
.text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 00A60040
.text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 00A60F9E
.text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 00A60FE5
.text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 00A60025
.text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 00A60F83
.text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 00A60FB9
.text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 00A60FD4
.text C:\Windows\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 00A6000A
.text C:\Windows\system32\svchost.exe[2020] WS2_32.dll!socket 766B36D1 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\svchost.exe[2020] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 009C0000
.text C:\Windows\system32\svchost.exe[2020] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 009C001B
.text C:\Windows\system32\svchost.exe[2020] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 009C002C
.text C:\Windows\system32\svchost.exe[2020] WININET.dll!InternetOpenUrlW 76899139 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[2020] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 009C003D
.text C:\Windows\system32\svchost.exe[2116] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 00020FEF
.text C:\Windows\system32\svchost.exe[2116] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 00020FD4
.text C:\Windows\system32\svchost.exe[2116] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 0002000A
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 001B0F3E
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 001B0F63
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 001B00D5
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 001B00BA
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 001B0073
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 001B0036
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 001B0047
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 001B008E
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 001B0F99
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 001B0062
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 001B0FB6
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 001B0FDB
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 001B0F7E
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 001B00E6
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 001B001B
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 001B0000
.text C:\Windows\system32\svchost.exe[2116] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 001B009F
.text C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 001D0053
.text C:\Windows\system32\svchost.exe[2116] msvcrt.dll!system 76B6804B 5 Bytes JMP 001D0038
.text C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 001D000C
.text C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_open 76B6D106 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 001D0027
.text C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 001D0FDE
.text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 001E0F86
.text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 001E0FA8
.text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 001E0000
.text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 001E0F97
.text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 001E004D
.text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 001E0FD4
.text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 001E0FE5
.text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 001E0FC3
.text C:\Windows\system32\svchost.exe[2116] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[2116] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[2116] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 001C0FD4
.text C:\Windows\system32\svchost.exe[2116] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 001C0025
.text C:\Windows\system32\svchost.exe[2116] WS2_32.dll!socket 766B36D1 5 Bytes JMP 001A0000
.text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 00330080
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 00330F3A
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 003300AC
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 00330F1F
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 00330065
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 00330014
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 00330FC3
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 00330F55
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 00330054
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 00330F97
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 00330043
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 00330FA8
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 00330F7A
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 00330F04
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 00330FD4
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 00330FE5
.text C:\Windows\system32\svchost.exe[2476] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 00330091
.text C:\Windows\system32\svchost.exe[2476] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00350FB7
.text C:\Windows\system32\svchost.exe[2476] msvcrt.dll!system 76B6804B 5 Bytes JMP 00350038
.text C:\Windows\system32\svchost.exe[2476] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00350FD2
.text C:\Windows\system32\svchost.exe[2476] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00350FE3
.text C:\Windows\system32\svchost.exe[2476] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00350027
.text C:\Windows\system32\svchost.exe[2476] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00350000
.text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 008A0F79
.text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 008A001B
.text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 008A0FE5
.text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 008A0F94
.text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 008A0036
.text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 008A0FC0
.text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 008A0000
.text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 008A0FAF
.text C:\Windows\system32\svchost.exe[2476] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 0034000A
.text C:\Windows\system32\svchost.exe[2476] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 00340FEF
.text C:\Windows\system32\svchost.exe[2476] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 00340FDE
.text C:\Windows\system32\svchost.exe[2476] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 00340FCD
.text C:\Windows\system32\svchost.exe[2476] WS2_32.dll!socket 766B36D1 5 Bytes JMP 00300000
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2524] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 001B000A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2524] ntdll.dll!NtWriteVirtualMemory 77D75674 5 Bytes JMP 001C000A
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2524] ntdll.dll!KiUserExceptionDispatcher 77D75DC8 5 Bytes JMP 001A000A
.text C:\Windows\system32\svchost.exe[2596] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 009B0000
.text C:\Windows\system32\svchost.exe[2596] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 009B0FD4
.text C:\Windows\system32\svchost.exe[2596] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 009B0FEF
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 009E0F72
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 009E00C2
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 009E0F50
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 009E00DD
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 009E0F9E
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 009E0036
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 009E0051
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 009E009D
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 009E0FAF
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 009E006C
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 009E0FCA
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 009E0FE5
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 009E0F8D
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 009E0F2B
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 009E001B
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 009E000A
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 009E0F61
.text C:\Windows\system32\svchost.exe[2596] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00A00049
.text C:\Windows\system32\svchost.exe[2596] msvcrt.dll!system 76B6804B 5 Bytes JMP 00A00FBE
.text C:\Windows\system32\svchost.exe[2596] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00A00027
.text C:\Windows\system32\svchost.exe[2596] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00A00000
.text C:\Windows\system32\svchost.exe[2596] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00A00038
.text C:\Windows\system32\svchost.exe[2596] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00A00FE3
.text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 00A10047
.text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 00A10FAF
.text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 00A10FE5
.text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 00A10036
.text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 00A10062
.text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 00A10000
.text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 00A10FD4
.text C:\Windows\system32\svchost.exe[2596] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 00A10011
.text C:\Windows\system32\svchost.exe[2596] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[2596] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[2596] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 009F0025
.text C:\Windows\system32\svchost.exe[2596] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 009F0036
.text C:\Windows\system32\svchost.exe[2596] WS2_32.dll!socket 766B36D1 5 Bytes JMP 009D0000
.text C:\Program Files\Mozilla Firefox\firefox.exe[2668] ntdll.dll!LdrLoadDll 77D39390 5 Bytes JMP 00DC13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2668] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 00CB000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2668] ntdll.dll!NtWriteVirtualMemory 77D75674 5 Bytes JMP 00CC000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2668] ntdll.dll!KiUserApcDispatcher 77D75D18 5 Bytes JMP 02B87B40 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2668] ntdll.dll!KiUserExceptionDispatcher 77D75DC8 5 Bytes JMP 00CA000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2668] GDI32.dll!BitBlt 767E70A6 6 Bytes PUSH 71540022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2668] USER32.dll!DdeInitializeW 76587921 6 Bytes PUSH 714E0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2668] USER32.dll!RegisterClassExW 7658DA30 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2668] USER32.dll!GetMessageW 7659FEF7 6 Bytes PUSH 71480022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2668] USER32.dll!TranslateMessage 765A01AD 6 Bytes PUSH 71410022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[2668] USER32.dll!GetClipboardData 765C715A 6 Bytes PUSH 714B0022; RET
.text C:\Windows\system32\DllHost.exe[2736] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 00650FEF
.text C:\Windows\system32\DllHost.exe[2736] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 00650FCA
.text C:\Windows\system32\DllHost.exe[2736] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 0065000A
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 00890082
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 00890F3C
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 00890F10
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 00890F21
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 00890056
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 00890FDE
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 0089002F
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 00890F57
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 00890F7C
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 00890FB2
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 00890F8D
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 00890FC3
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 00890067
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 008900B8
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 00890014
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 00890FEF
.text C:\Windows\system32\DllHost.exe[2736] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 0089009D
.text C:\Windows\system32\DllHost.exe[2736] msvcrt.dll!_wsystem 76B67F2F 1 Byte [E9]
.text C:\Windows\system32\DllHost.exe[2736] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 008B0033
.text C:\Windows\system32\DllHost.exe[2736] msvcrt.dll!system 76B6804B 5 Bytes JMP 008B0FB2
.text C:\Windows\system32\DllHost.exe[2736] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 008B0011
.text C:\Windows\system32\DllHost.exe[2736] msvcrt.dll!_open 76B6D106 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\DllHost.exe[2736] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 008B0022
.text C:\Windows\system32\DllHost.exe[2736] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 008B0000
.text C:\Windows\system32\DllHost.exe[2736] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 00920043
.text C:\Windows\system32\DllHost.exe[2736] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 00920032
.text C:\Windows\system32\DllHost.exe[2736] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 00920FEF
.text C:\Windows\system32\DllHost.exe[2736] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 00920FA1
.text C:\Windows\system32\DllHost.exe[2736] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 00920068
.text C:\Windows\system32\DllHost.exe[2736] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 00920FCD
.text C:\Windows\system32\DllHost.exe[2736] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 00920FDE
.text C:\Windows\system32\DllHost.exe[2736] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 00920FBC
.text C:\Windows\system32\DllHost.exe[2736] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 008A0000
.text C:\Windows\system32\DllHost.exe[2736] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\DllHost.exe[2736] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 008A001B
.text C:\Windows\system32\DllHost.exe[2736] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 008A0FCA
.text C:\Windows\System32\svchost.exe[2888] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 00020000
.text C:\Windows\System32\svchost.exe[2888] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 00020022
.text C:\Windows\System32\svchost.exe[2888] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 00020011
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 001A0F1C
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 001A0F2D
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 001A0ED5
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 001A0EF0
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 001A0051
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 001A0FCA
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 001A0FAF
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 001A0062
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 001A0F79
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 001A0011
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 001A0036
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 001A0F8A
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 001A0F5C
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 001A0EBA
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 001A0000
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 001A0FE5
.text C:\Windows\System32\svchost.exe[2888] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 001A0F01
.text C:\Windows\System32\svchost.exe[2888] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 001C0FAB
.text C:\Windows\System32\svchost.exe[2888] msvcrt.dll!system 76B6804B 5 Bytes JMP 001C0FBC
.text C:\Windows\System32\svchost.exe[2888] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 001C0011
.text C:\Windows\System32\svchost.exe[2888] msvcrt.dll!_open 76B6D106 5 Bytes JMP 001C0FE3
.text C:\Windows\System32\svchost.exe[2888] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 001C0022
.text C:\Windows\System32\svchost.exe[2888] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 001C0000
.text C:\Windows\System32\svchost.exe[2888] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 001D004A
.text C:\Windows\System32\svchost.exe[2888] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 001D002F
.text C:\Windows\System32\svchost.exe[2888] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 001D0FEF
.text C:\Windows\System32\svchost.exe[2888] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 001D0FA8
.text C:\Windows\System32\svchost.exe[2888] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 001D005B
.text C:\Windows\System32\svchost.exe[2888] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 001D001E
.text C:\Windows\System32\svchost.exe[2888] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 001D0FDE
.text C:\Windows\System32\svchost.exe[2888] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 001D0FC3
.text C:\Windows\System32\svchost.exe[2888] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 001B0000
.text C:\Windows\System32\svchost.exe[2888] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 001B0011
.text C:\Windows\System32\svchost.exe[2888] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 001B0022
.text C:\Windows\System32\svchost.exe[2888] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 001B0FD1
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3416] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 6B289AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3416] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 6B289A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\DllHost.exe[3508] ntdll.dll!NtCreateFile 77D743D4 5 Bytes JMP 00260FEF
.text C:\Windows\system32\DllHost.exe[3508] ntdll.dll!NtCreateProcess 77D74494 5 Bytes JMP 00260FDE
.text C:\Windows\system32\DllHost.exe[3508] ntdll.dll!NtProtectVirtualMemory 77D74D34 5 Bytes JMP 00260014
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!GetStartupInfoW 766E1929 5 Bytes JMP 00BA009A
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!GetStartupInfoA 766E19C9 5 Bytes JMP 00BA0F5E
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!CreateProcessW 766E1BF3 5 Bytes JMP 00BA0F28
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!CreateProcessA 766E1C28 5 Bytes JMP 00BA0F39
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!VirtualProtect 766E1DC3 5 Bytes JMP 00BA005D
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!CreateNamedPipeA 766E2EF5 5 Bytes JMP 00BA0FB9
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!CreateNamedPipeW 766E5C0C 5 Bytes JMP 00BA0FA8
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!CreatePipe 76708E6E 5 Bytes JMP 00BA0089
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!LoadLibraryExW 76709109 5 Bytes JMP 00BA004C
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!LoadLibraryW 76709362 5 Bytes JMP 00BA0014
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!LoadLibraryExA 767094B4 5 Bytes JMP 00BA0025
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!LoadLibraryA 767094DC 5 Bytes JMP 00BA0F8D
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!VirtualProtectEx 7670DBDA 5 Bytes JMP 00BA006E
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!GetProcAddress 7672903B 5 Bytes JMP 00BA0F0D
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!CreateFileW 7672AECB 5 Bytes JMP 00BA0FD4
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!CreateFileA 7672CE5F 5 Bytes JMP 00BA0FE5
.text C:\Windows\system32\DllHost.exe[3508] kernel32.dll!WinExec 76775CF7 5 Bytes JMP 00BA00B5
.text C:\Windows\system32\DllHost.exe[3508] msvcrt.dll!_wsystem 76B67F2F 5 Bytes JMP 00BE0FAF
.text C:\Windows\system32\DllHost.exe[3508] msvcrt.dll!system 76B6804B 5 Bytes JMP 00BE0044
.text C:\Windows\system32\DllHost.exe[3508] msvcrt.dll!_creat 76B6BBE1 5 Bytes JMP 00BE0FD4
.text C:\Windows\system32\DllHost.exe[3508] msvcrt.dll!_open 76B6D106 5 Bytes JMP 00BE0000
.text C:\Windows\system32\DllHost.exe[3508] msvcrt.dll!_wcreat 76B6D326 5 Bytes JMP 00BE0033
.text C:\Windows\system32\DllHost.exe[3508] msvcrt.dll!_wopen 76B6D501 5 Bytes JMP 00BE0FEF
.text C:\Windows\system32\DllHost.exe[3508] ADVAPI32.dll!RegCreateKeyExA 77C639AB 5 Bytes JMP 00BF0051
.text C:\Windows\system32\DllHost.exe[3508] ADVAPI32.dll!RegCreateKeyA 77C63BA9 5 Bytes JMP 00BF0FB9
.text C:\Windows\system32\DllHost.exe[3508] ADVAPI32.dll!RegOpenKeyA 77C689C7 5 Bytes JMP 00BF0FEF
.text C:\Windows\system32\DllHost.exe[3508] ADVAPI32.dll!RegCreateKeyW 77C7391E 5 Bytes JMP 00BF0040
.text C:\Windows\system32\DllHost.exe[3508] ADVAPI32.dll!RegCreateKeyExW 77C741F1 5 Bytes JMP 00BF0F94
.text C:\Windows\system32\DllHost.exe[3508] ADVAPI32.dll!RegOpenKeyExA 77C77C42 5 Bytes JMP 00BF0FD4
.text C:\Windows\system32\DllHost.exe[3508] ADVAPI32.dll!RegOpenKeyW 77C7E2B5 5 Bytes JMP 00BF000A
.text C:\Windows\system32\DllHost.exe[3508] ADVAPI32.dll!RegOpenKeyExW 77C87BA1 5 Bytes JMP 00BF001B
.text C:\Windows\system32\DllHost.exe[3508] WININET.dll!InternetOpenA 7684D47D 5 Bytes JMP 00BB0000
.text C:\Windows\system32\DllHost.exe[3508] WININET.dll!InternetOpenW 7684D7DA 5 Bytes JMP 00BB0FEF
.text C:\Windows\system32\DllHost.exe[3508] WININET.dll!InternetOpenUrlA 7684FE4B 5 Bytes JMP 00BB0025
.text C:\Windows\system32\DllHost.exe[3508] WININET.dll!InternetOpenUrlW 76899139 5 Bytes JMP 00BB0FD4
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4040] USER32.dll!TrackPopupMenu 765A14F3 4 Bytes JMP 62FF05FE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4448] ntdll.dll!KiUserApcDispatcher 77D75D18 5 Bytes JMP 00438AD0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4448] WS2_32.dll!getaddrinfo 766B418A 5 Bytes JMP 71670022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4448] WS2_32.dll!gethostbyname 766C62D4 5 Bytes JMP 716E0022

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000272b00026 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Users\Katy\AppData\Local\Valued Opinions\PanelApp\panelapp.log.chunk.0x0000105F.1279047247.1 0 bytes
File C:\Windows\system32\DRIVERS\smb.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai
  • Local time:03:25 AM

Posted 13 July 2010 - 04:40 PM

Hello, katydragon.
QUOTE
It took a bit of effort to get the GMER one; it crashed a couple of times and then actually got to the end of the scan, then crashed as soon as the file saved on two occasions, the first of which the file didn't actually seem to save. Is that normal?

Yes, GMER is a little bit unstable, but it is a really good scanner.

We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 katydragon

katydragon
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:25 AM

Posted 15 July 2010 - 01:40 PM

Hi again, sorry for the delay in responding, yesterday evening turned out pretty hectic! Here's the combofix log.



ComboFix 10-07-15.01 - Katy 15/07/2010 19:14:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.1540 [GMT 1:00]
Running from: c:\users\Katy\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Katy\AppData\Local\{4337E97A-BF72-4767-9391-19CA96A668E1}
c:\users\Katy\AppData\Local\{4337E97A-BF72-4767-9391-19CA96A668E1}\chrome.manifest
c:\users\Katy\AppData\Local\{4337E97A-BF72-4767-9391-19CA96A668E1}\chrome\content\_cfg.js
c:\users\Katy\AppData\Local\{4337E97A-BF72-4767-9391-19CA96A668E1}\chrome\content\overlay.xul
c:\users\Katy\AppData\Local\{4337E97A-BF72-4767-9391-19CA96A668E1}\install.rdf
c:\users\Katy\AppData\Local\mfwrmb.dll
c:\users\Katy\AppData\Local\uwuyuhaxovabuyud.dll
c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\smb.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.

2010-07-14 19:24 . 2010-07-14 19:24 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
2010-07-13 17:21 . 2010-07-13 17:34 -------- d-----w- c:\program files\trend micro
2010-07-13 17:19 . 2010-07-13 17:34 -------- d-----w- C:\rsit
2010-07-10 16:25 . 2010-07-10 16:26 -------- d-----w- c:\users\Katy\HijackThis
2010-07-10 14:02 . 2010-07-10 14:02 -------- d-----w- c:\programdata\WindowsSearch
2010-07-09 17:59 . 2010-07-15 18:00 120 ----a-w- c:\users\Katy\AppData\Local\Akadir.dat
2010-07-09 17:59 . 2010-07-15 06:23 0 ----a-w- c:\users\Katy\AppData\Local\Vgujuz.bin
2010-07-09 17:56 . 2010-07-09 17:56 -------- d-----w- c:\users\Katy\AppData\Local\cxuhbpaqk
2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-06-24 02:00 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 02:00 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 02:00 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 02:00 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 02:00 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 11:55 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 11:55 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 18:10 . 2009-04-13 20:57 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-15 17:19 . 2009-01-04 12:26 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-10 13:54 . 2008-07-09 23:19 -------- d-----w- c:\program files\Java
2010-06-26 02:01 . 2008-08-14 19:45 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 23:05 . 2009-04-01 15:58 -------- d-----w- c:\users\Katy\AppData\Roaming\skypePM
2010-06-15 23:24 . 2009-04-01 15:57 -------- d-----w- c:\users\Katy\AppData\Roaming\Skype
2010-06-12 02:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-12 02:14 . 2008-08-14 19:43 -------- d-----w- c:\programdata\Microsoft Help
2010-06-05 14:51 . 2010-06-05 14:51 31 ---ha-w- c:\windows\UKCpInfo.sys
2010-06-05 14:51 . 2010-06-05 14:51 -------- d-----w- c:\program files\Coupon Printer
2010-05-29 14:41 . 2010-05-29 14:41 -------- d-----w- c:\users\Katy\AppData\Roaming\Trusteer
2010-05-29 14:41 . 2010-05-29 14:41 -------- d-----w- c:\program files\Trusteer
2010-05-29 14:40 . 2010-05-29 14:40 -------- d-----w- c:\programdata\Trusteer
2010-05-26 17:06 . 2010-06-11 13:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 13:45 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 19:15 . 2010-06-11 13:45 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-11 13:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-11 13:44 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 16:16 . 2010-04-21 15:04 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 16:16 . 2010-04-21 15:04 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 16:16 . 2010-04-21 15:04 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 16:16 . 2010-04-21 15:04 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-04-27 16:16 . 2010-04-21 15:04 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 16:16 . 2010-04-21 15:04 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 16:16 . 2010-04-21 15:04 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 16:16 . 2010-04-21 15:04 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 16:16 . 2010-04-21 15:04 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-04-27 16:16 . 2010-04-21 15:04 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-23 14:13 . 2010-05-25 20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-12 20:07 . 2009-11-12 20:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-04-27 16:16 . 2010-04-21 15:04 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2010-05-05 10:24 72704 ----a-w- c:\users\Katy\AppData\Local\Valued Opinions\PanelApp\pahelper_1402.2010.0415.1356.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-01 39408]
"PanelApp"="c:\users\Katy\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe" [2009-12-30 31232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-12 30192]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-08-14 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\users\Katy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 19:28 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9f,e1,b1,61,32,4c,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-12 30192]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
R3 PanelSvc;PanelSvc;c:\program files\Valued Opinions\PanelApp\PanelSvc.exe [2009-12-30 91136]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-07-01 59240]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-07-01 166632]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-06-28 299008]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-07-01 840936]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-03 104992]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-20 411488]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-27 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-27 312616]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.club-vaio.com
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Katy\AppData\Roaming\Mozilla\Firefox\Profiles\d4e4boty.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://hol.org.uk/|http://thebadgersett.us/forum/index.php?&&&CODE=00|http://katy-l.livejournal.com/|http://katy-halfadragon.blogspot.com/|http://news.bbc.co.uk/|http://www.facebook.com/whatkatydidnext?ref=profile#!/whatkatydidnext?ref=profile|http://forums.confetti.co.uk/?plckForumPage=Forum&plckForumId=Cat%3aWeddingsForum%3a7
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\Katy\AppData\Local\Valued Opinions\PanelApp\ff\components\FFoxAddinStub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-odcihajv - c:\users\Katy\AppData\Local\cxuhbpaqk\xtvmvcmtssd.exe
HKCU-Run-Wgecumipober - c:\users\Katy\AppData\Local\mfwrmb.dll
HKLM-Run-Xqometijok - c:\users\Katy\AppData\Local\uwuyuhaxovabuyud.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-15 19:31
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-15 19:34:36
ComboFix-quarantined-files.txt 2010-07-15 18:34

Pre-Run: 163,465,437,184 bytes free
Post-Run: 163,654,721,536 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F61F03097529D63BDC1AD1EF1CF3CABC

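The three orphaned Run entries in the ComboFix log above (a random-named .exe and two .dll files under AppData\Local, all registered as autostarts) are the classic pattern a defender wants to recognise before a cleanup tool does. As an added example that is not ComboFix's or BleepingComputer's own code, this Python script parses the "ORPHANS REMOVED" section and scores each entry with three cheap heuristics. The sample text is constructed for the example from the entries quoted above plus one benign control line, and the USER_WRITABLE folder list is an assumption covering common drop locations, not an exhaustive one.

```python
"""Triage autostart entries from a ComboFix-style "ORPHANS REMOVED" section.

Heuristics applied to each "HKCU-Run-<name> - <path>" line:
  1. the target lives in a folder an ordinary user can write to;
  2. the Run key points at a DLL rather than an executable;
  3. the value name, parent folder or file name looks machine generated.
An entry with two or more hits is reported as suspicious.
"""
import re

ORPHAN_RE = re.compile(
    r"^(?P<hive>HKCU|HKLM)-(?P<key>Run|RunOnce)-(?P<name>.+?) - (?P<path>.+)$"
)

# Assumption: a short list of user-writable drop folders (lower-case, backslash-delimited).
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\", "\\programdata\\")

# Constructed sample: the three orphans quoted in this thread plus one benign control entry.
SAMPLE_LOG = """\
- - - - ORPHANS REMOVED - - - -

HKCU-Run-odcihajv - c:\\users\\Katy\\AppData\\Local\\cxuhbpaqk\\xtvmvcmtssd.exe
HKCU-Run-Wgecumipober - c:\\users\\Katy\\AppData\\Local\\mfwrmb.dll
HKLM-Run-Xqometijok - c:\\users\\Katy\\AppData\\Local\\uwuyuhaxovabuyud.dll
HKLM-Run-Adobe Reader Speed Launcher - c:\\program files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe
"""


def parse_orphans(text):
    """Return one dict (hive, key, name, path) per orphan line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        match = ORPHAN_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def looks_generated(token):
    """Weak signal: a letters-only token of 6+ characters with no vowel or a run of
    4+ consonants (catches xtvmvcmtssd, misses pronounceable gibberish)."""
    t = token.lower()
    if len(t) < 6 or not t.isalpha():
        return False
    if not re.search(r"[aeiou]", t):
        return True
    return re.search(r"[^aeiou]{4,}", t) is not None


def triage_entry(entry):
    """Attach the list of matched heuristics and a suspicious flag to one entry."""
    path = entry["path"].lower()
    folder, _, filename = path.rpartition("\\")
    parent = folder.rpartition("\\")[2]
    stem = filename.rsplit(".", 1)[0]
    reasons = []
    if any(fragment in path for fragment in USER_WRITABLE):
        reasons.append("target lives in a user-writable profile folder")
    if filename.endswith(".dll"):
        reasons.append("Run key points at a DLL, not an executable")
    generated = [t for t in (entry["name"], parent, stem) if looks_generated(t)]
    if generated:
        reasons.append("machine-looking name(s): " + ", ".join(generated))
    # One hit alone (e.g. a legitimate updater in AppData\Local) is not enough to flag.
    return {**entry, "reasons": reasons, "suspicious": len(reasons) >= 2}


def triage(text):
    """Parse and score every orphan entry in a log excerpt."""
    return [triage_entry(entry) for entry in parse_orphans(text)]


if __name__ == "__main__":
    for result in triage(SAMPLE_LOG):
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f'{flag:10} {result["hive"]}\\{result["key"]}\\{result["name"]} -> {result["path"]}')
        for reason in result["reasons"]:
            print("           -", reason)
```

Run against a real ComboFix log, the script would flag the three entries above and pass the Adobe control line; the name heuristic is deliberately the weakest of the three and only corroborates the location and file-type signals.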

#6 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 15 July 2010 - 02:21 PM

Hi!

Looks like Combofix got the infection out. How's your computer doing? Are you experiencing any problems?

I don't see an antivirus program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Three good antivirus programs free for non-commercial home use are Avast!, Antivir and AVG Antivirus.
I use AVG Antivirus and find that it's quite decent, but they are all effective.
**Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Once installed, please do a full system scan, and if any infections are found, post the log file.

NEXT:

We need to update your version of Java.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Look for "JDK 6 Update 21 (JDK or JRE)".
  3. Click the Download JRE button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  12. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  13. Repeat as many times as necessary to remove each Java version.
  14. Reboot your computer once all Java components are removed.
  15. Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then use Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Please make sure you turn on the Java Automatic Update feature.

Then you will not have to remember to update it when Java introduces a new version.
Java is updated very frequently, and the old versions are malware magnets.

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and is set by default for these operating systems.

NEXT:

We need to run an ESET Online Scan.
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    2. Double-click on the ESET Smart Installer icon on your desktop.
  4. Check the "YES, I accept the Terms of Use" box.
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check Scan archives.
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push "List of found threats".
  11. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the "<" button.
  13. Push Finish.

In your next reply, please include the following:
  • Antivirus scan log (only if infections are found)
  • Eset Scan Log

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#7 katydragon
  • Topic Starter
  • Members
  • 10 posts

Posted 17 July 2010 - 03:51 AM

Hi,

OK, you're going to think I'm totally useless, but here goes:

I do have an antivirus - I'm using McAfee Total Protection. Maybe it didn't show up because I switched it all off for the Combofix scan? Anyway, I ran a full McAfee scan and one virus was found and removed, but I have no idea how to access the log of the scan to post it here.

I installed the new version of Java, no problems there.

I ran the ESET scan, but had to do it several times - it found four trojans, but then the computer restarted itself in the night, after I'd gone to bed, and when I ran it again this morning the scan was clear.

What can I do now?

Many thanks!

#8 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 17 July 2010 - 04:54 AM

Hello, katydragon.
Don't worry about it. If the scans came out clean, we can proceed and clean up the tools we've used.

We need to uninstall Combofix.
  1. Click on your Start Menu, then Run....
  2. Now type combofix /uninstall in the Run box and click OK. Notice the space between the "x" and "/".




Your log looks clean. Please take the time to read below to secure your machine and take the necessary steps to keep it clean.

There are many ways to reduce the chance of getting infected in the future. Below, I have listed a few:
  1. Practice Safe Internet
    • Be wary about attachments in emails. Avoid opening .exe, .com, .bat, or .pif files.
    • Watch out for Foistware. More info can be found in Foistware, and how to avoid it.
    • Do not fall for Rogue/Suspect Anti-Spyware Products & Web Sites.
    • Do not go to adult sites.
    • When using an Instant Messaging program be cautious about clicking on links people send to you.
    • Stay away from Warez and Crack sites. In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Use McAfee SiteAdvisor to look up info on a site if you are not sure whether it is legitimate.
    • Do not install any software without first reading the End User License Agreement, otherwise known as the EULA.
  2. Make Internet Explorer more secure
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab.
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt

        When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Make Firefox more secure
    Firefox is a relatively safe browser compared to Internet Explorer. However, if you'd still like to enhance security, consider some of these extensions:
    • NoScript: Add-on which automatically blocks JavaScript and Java from running on sites.
    • Firekeeper: Add-on which aims to protect you from malicious websites which may exploit browser and code security flaws.
    • KeyScrambler: Add-on that protects your passwords from being detected by keyloggers.
  4. Keep Windows updated
    Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please visit the Microsoft Update website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install.
  5. Install and update the following programs frequently
    1. An outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    2. An antivirus software
      It is imperative that you update your antivirus software on a regular basis. If you do not update your antivirus software then it will not be able to catch the latest threats. Three good antivirus programs free for non-commercial home use are Avast!, Antivir and AVG Antivirus.
    3. An antispyware program
      Malwarebytes' Anti-Malware is an excellent anti-spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non-commercial home use but provide resident protection and do not nag if you purchase the paid versions.
    4. SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    5. MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  6. Keep your other software updated too
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

Some more links you might find of interest:

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

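The six Custom Level settings in step 2 of the post above are stored as DWORD values under the Internet zone's registry key, which makes the advice auditable and scriptable rather than a one-off click-through. As an added example that is not the poster's, BleepingComputer's or Microsoft's code, the Python below compares a zone's current values with the recommended ones and renders the recommendation as a .reg snippet. The action IDs and the 0/1/3 encoding are the ones Microsoft documents for the Zones key (KB 182569); SAMPLE_CURRENT is a constructed sample standing in for a live registry read, and read_live_zone is only used on Windows.

```python
"""Audit the Internet zone (zone 3) settings the post asks the user to tighten.

Values under HKCU\\...\\Internet Settings\\Zones\\3 are DWORDs keyed by an
action ID; 0 = Enable, 1 = Prompt, 3 = Disable, so a lower number is a more
permissive setting for these six actions.
"""
ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Action ID -> (label as shown in the Custom Level dialog, value the post recommends).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample: every setting weaker than recommended except 1004.
SAMPLE_CURRENT = {
    "1001": ENABLE, "1004": DISABLE, "1201": PROMPT,
    "1800": ENABLE, "1804": ENABLE, "1607": ENABLE,
}


def audit(current):
    """Return (action, label, current level, wanted level) for every setting that is
    missing or more permissive than the recommendation; an empty list means compliant."""
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        have = current.get(action)
        if have is None:
            findings.append((action, label, "missing", LEVEL_NAME[wanted]))
        elif have < wanted:
            findings.append((action, label, LEVEL_NAME.get(have, f"0x{have:x}"), LEVEL_NAME[wanted]))
    return findings


def reg_file(settings=None):
    """Render a .reg snippet applying the given (default: recommended) values.
    Review it before importing; it writes only the current user's Internet zone."""
    if settings is None:
        settings = {action: value for action, (_, value) in RECOMMENDED.items()}
    lines = ["Windows Registry Editor Version 5.00", "", f"[HKEY_CURRENT_USER\\{ZONE3_KEY}]"]
    lines += [f'"{action}"=dword:{value:08x}' for action, value in settings.items()]
    return "\n".join(lines) + "\n"


def read_live_zone():
    """On Windows, read the real values with winreg; elsewhere return None."""
    try:
        import winreg
    except ImportError:
        return None
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY) as key:
        for action in RECOMMENDED:
            try:
                values[action], _ = winreg.QueryValueEx(key, action)
            except FileNotFoundError:
                pass  # value absent: reported as "missing" by audit()
    return values


if __name__ == "__main__":
    live = read_live_zone()
    current = live if live is not None else SAMPLE_CURRENT
    for action, label, have, want in audit(current):
        print(f"{action} {label}: {have} -> should be {want}")
    print(reg_file())
```

Because the post's settings are all at or above Prompt, the audit treats any value numerically below the recommendation as a finding; a value other than 0, 1 or 3 is reported in hex rather than silently mapped to a name.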

#9 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 18 July 2010 - 11:57 PM

Since this problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please send me a PM with the address of this thread. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM




