Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown XP Desktop PC Problem


  • This topic is locked This topic is locked
27 replies to this topic

#1 ChuckLHead

ChuckLHead

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 25 July 2010 - 06:41 AM

My WinXP desktop PC has been acting up.

I ran dds but could not run gmer. When trying to run gmer or a browser (both FF or IE), a window opened asking What program do you want to use to run this program. So I can only provide the dds logs.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Gator at 14:36:59.68 on Thu 07/13/2000
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.481 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Gator.SANDY\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTASK.EXE" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8494B5D2-DA6A-4BB8-9C15-6C18A312387E} - hxxps://ra.budco.com/ui/Axt.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxps://ra.budco.com/pdl/jt/msrdp.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gator~1.san\applic~1\mozilla\firefox\profiles\fj9sberp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-21 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-21 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-3-21 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-3-21 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2007-2-25 109440]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-3-21 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-1-20 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-1-20 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-1-20 40552]
S2 procguard;procguard;\??\c:\windows\system32\drivers\procguard.sys --> c:\windows\system32\drivers\procguard.sys [?]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2009-7-20 340480]
S3 DISK_DRIVE32;DISK_DRIVE32;\??\c:\documents and settings\troy\desktop\ultimate hack pack 4.0 public release\cheatengine\disk_1024.sys --> c:\documents and settings\troy\desktop\ultimate hack pack 4.0 public release\cheatengine\disk_1024.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-1-20 34248]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-5-7 508544]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2008-5-7 3768]
S3 NUBBER;NUBBER;\??\c:\home\troy\hacks\nubbk32.sys --> c:\home\troy\hacks\nubbk32.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 115432]
S3 sejt1;sejt1;\??\c:\documents and settings\troy\desktop\akumaengine\sejt.sys --> c:\documents and settings\troy\desktop\akumaengine\sejt.sys [?]
S3 spuce1;spuce1;\??\c:\documents and settings\troy\desktop\spuce 2.0\spuce.sys --> c:\documents and settings\troy\desktop\spuce 2.0\spuce.sys [?]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [2008-12-14 38656]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S4 0234801269193264mcinstcleanup;McAfee Application Installer Cleanup (0234801269193264);c:\docume~1\gator~1.san\locals~1\temp\023480~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\gator~1.san\locals~1\temp\023480~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*
.exe=secfile

=============== Created Last 30 ================

2010-04-26 22:59:03 0 d-----w- c:\docume~1\alluse~1\applic~1\avG
2010-04-26 10:43:13 0 d-s---w- c:\documents and settings\gator.sandy\UserData
2010-04-10 12:16:15 0 d-----w- c:\program files\common files\DirectX
2010-04-10 12:08:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Disney Interactive Studios
2010-04-10 12:07:41 160 ----a-w- c:\windows\disneysy.ini
2010-03-26 08:18:05 0 d-----w- c:\program files\it-IT
2010-03-26 08:18:02 0 d-----w- c:\program files\de-DE
2010-03-26 08:17:56 0 d-----w- c:\program files\fr-FR
2010-03-26 08:17:53 0 d-----w- c:\program files\es-ES
2010-03-26 08:15:17 0 d-----w- c:\program files\Network Sharing
2010-03-26 08:15:14 0 d-----w- c:\program files\Drivers
2010-03-26 08:15:03 0 d-----w- c:\program files\en-US
2010-03-21 17:46:31 10759 ----a-w- c:\windows\system32\Config.MPF
2010-03-21 17:41:18 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-03-21 17:41:12 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-03-21 17:40:35 0 d-----w- c:\program files\common files\McAfee
2010-03-21 17:40:34 0 d-----w- c:\program files\McAfee.com
2010-03-21 17:40:07 0 d-----w- c:\program files\McAfee
2010-02-26 10:41:18 0 d-----w- c:\docume~1\gator~1.san\applic~1\WinPatrol
2010-02-26 10:41:04 0 d-----w- c:\program files\BillP Studios
2010-02-23 11:16:51 0 d-----w- c:\docume~1\gator~1.san\applic~1\ElevatedDiagnostics
2010-02-23 11:14:14 0 d-----w- c:\program files\Microsoft ATS
2010-02-12 10:35:13 0 d-----w- c:\docume~1\gator~1.san\applic~1\SUPERAntiSpyware.com
2010-01-23 14:31:27 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-01-17 12:10:05 0 d-----w- c:\docume~1\gator~1.san\applic~1\Malwarebytes
2010-01-16 13:30:21 0 d-----w- c:\documents and settings\gator.sandy\.idag
2010-01-07 18:42:02 912192 ----a-w- c:\program files\ZuneDBApi.dll
2010-01-07 18:42:02 554816 ----a-w- c:\program files\UIXcontrols.dll
2010-01-07 18:42:02 1521472 ----a-w- c:\program files\UIX.dll
2010-01-07 18:42:02 1304384 ----a-w- c:\program files\ZuneShell.dll
2010-01-07 18:42:00 644928 ----a-w- c:\program files\UIX.renderapi.dll
2010-01-07 18:38:18 87792 ----a-w- c:\program files\ZuneTaskbar.dll
2010-01-07 18:38:18 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 18:38:18 320224 ----a-w- c:\program files\ZuneSrcWrp.dll
2010-01-07 18:38:18 134384 ----a-w- c:\program files\ZuneZMDB.Library.dll
2010-01-07 18:38:18 133872 ----a-w- c:\program files\ZuneZMDB.ZuneHD.dll
2010-01-07 18:38:18 129264 ----a-w- c:\program files\ZuneZMDB.Classic.dll
2010-01-07 18:38:16 747248 ----a-w- c:\program files\ZuneService.dll
2010-01-07 18:38:16 61664 ----a-w- c:\program files\ZuneShellExt.dll
2010-01-07 18:38:16 609504 ----a-w- c:\program files\ZuneSH.dll
2010-01-07 18:38:16 410336 ----a-w- c:\program files\ZuneSP.dll
2010-01-07 18:38:16 381168 ----a-w- c:\program files\ZuneSE.dll
2010-01-07 18:38:16 17632 ----a-w- c:\program files\ZuneShare.exe
2010-01-07 18:38:16 1674992 ----a-w- c:\program files\ZuneSetup.exe
2010-01-07 18:38:16 16674032 ----a-w- c:\program files\ZuneShellResources.dll
2010-01-07 18:38:16 1454832 ----a-w- c:\program files\ZuneResources.dll
2010-01-07 18:38:16 142560 ----a-w- c:\program files\ZuneSA.dll
2010-01-07 18:38:10 682736 ----a-w- c:\program files\ZuneQP.dll
2010-01-07 18:38:10 626928 ----a-w- c:\program files\ZUNEMP4SDECD.dll
2010-01-07 18:38:10 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-01-07 18:38:10 57584 ----a-w- c:\program files\ZuneDXVA2.dll
2010-01-07 18:38:10 46304 ----a-w- c:\program files\ZuneConfig.exe
2010-01-07 18:38:10 19696 ----a-w- c:\program files\ZunePS.dll
2010-01-07 18:38:10 121056 ----a-w- c:\program files\ZuneEffects.dll
2010-01-07 18:38:08 945904 ----a-w- c:\program files\ZuneMarketplaceResources.dll
2010-01-07 18:38:08 842480 ----a-w- c:\program files\ZuneMde.dll
2010-01-07 18:38:08 6790384 ----a-w- c:\program files\ZuneNativeLib.dll
2010-01-07 18:38:08 5950704 ----a-w- c:\program files\ZuneNss.exe
2010-01-07 18:38:08 50416 ----a-w- c:\program files\ZuneCfg.dll
2010-01-07 18:38:08 38624 ----a-w- c:\program files\ZuneEnc.exe
2010-01-07 18:38:08 30960 ----a-w- c:\program files\UIXsup.dll
2010-01-07 18:38:08 297200 ----a-w- c:\program files\ZuneEvr.dll
2010-01-07 18:38:08 272112 ----a-w- c:\program files\ZuneNssci.dll
2010-01-07 18:38:08 209120 ----a-w- c:\program files\Zune.exe
2010-01-07 18:38:08 181984 ----a-w- c:\program files\ZuneHost.exe
2010-01-07 18:38:08 173808 ----a-w- c:\program files\ZuneDB.dll
2010-01-07 18:38:08 1692384 ----a-w- c:\program files\ZuneEncEng.dll
2010-01-07 18:38:08 158448 ----a-w- c:\program files\ZuneLauncher.exe
2010-01-07 18:38:08 1342192 ----a-w- c:\program files\UIXrender.dll
2010-01-07 18:38:08 120048 ----a-w- c:\program files\ZunePresenter.dll
2010-01-07 18:38:08 116448 ----a-w- c:\program files\ZuneAACDec.dll
2010-01-07 18:38:08 1053936 ----a-w- c:\program files\ZuneH264Dec.dll
2010-01-07 18:38:08 1025264 ----a-w- c:\program files\ZuneCore.dll
2010-01-07 18:22:04 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-01-07 18:22:04 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-01-07 18:22:04 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-01-07 18:22:04 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-01-07 18:22:04 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-01-07 18:22:04 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll
2010-01-07 18:22:02 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys
2010-01-02 00:01:25 95616 ----a-w- c:\windows\junction.exe
2009-12-31 17:37:51 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-31 17:37:47 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-31 17:37:44 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-12-31 17:37:40 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-31 17:37:36 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-31 17:37:08 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-31 17:37:03 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-31 17:37:02 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-12-31 17:35:59 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2009-12-31 17:34:58 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2009-12-31 17:33:57 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2009-12-31 17:32:56 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-12-31 17:31:59 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-12-31 17:30:58 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2009-12-31 17:29:59 404990 -c--a-w- c:\windows\system32\dllcache\slntamr.sys
2009-12-31 17:28:57 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-12-31 17:27:57 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2009-12-31 17:26:56 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2009-12-31 17:25:57 7552 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2009-12-31 17:24:56 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2009-12-31 17:23:59 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-12-31 17:22:54 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2009-12-31 17:21:51 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2009-12-31 17:21:49 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2009-12-31 17:21:38 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-12-31 17:21:35 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-12-31 17:21:34 56832 -c--a-w- c:\windows\system32\dllcache\msdvbnp.ax
2009-12-31 17:21:33 51328 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-12-31 17:21:19 15360 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-31 17:21:14 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-12-31 17:21:06 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2009-12-31 17:19:57 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2009-12-31 17:18:51 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-12-31 17:17:43 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-12-31 17:16:34 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2009-12-31 17:15:58 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2009-12-31 17:14:58 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2009-12-31 17:13:59 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2009-12-31 17:12:59 634134 -c--a-w- c:\windows\system32\dllcache\el656ct5.sys
2009-12-31 17:11:58 65622 -c--a-w- c:\windows\system32\dllcache\digiasyn.dll
2009-12-31 17:10:59 9344 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2009-12-31 17:09:54 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-12-31 17:08:59 57856 -c--a-w- c:\windows\system32\dllcache\atinbtxx.sys
2009-12-31 17:07:31 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-31 16:41:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-31 16:41:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-31 03:29:46 0 d-----w- c:\program files\ESET
2009-12-29 23:00:44 2137088 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-29 23:00:42 2016768 -c--a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-29 13:05:19 135168 ----a-w- c:\windows\system32\igfxres.dll
2009-12-29 12:44:58 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
2009-12-29 12:43:59 79872 -c--a-w- c:\windows\system32\dllcache\iislog51.dll
2009-12-29 12:42:58 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2009-12-29 12:40:37 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-12-29 12:40:29 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-12-29 12:40:29 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-12-29 12:40:29 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-12-29 12:40:29 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-12-29 12:40:29 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-12-29 06:30:42 1071742976 ----a-w- c:\windows\MEMORY.DMP
2009-12-29 06:30:42 0 d-----w- c:\windows\dell
2009-12-29 06:04:44 0 d-----w- c:\windows\cag_tmp
2009-12-19 21:18:24 0 d-----w- C:\spoolerlogs
2009-12-12 22:18:36 0 d-----w- C:\Nexon
2009-12-12 20:10:39 1648462032 ----a-w- c:\program files\MSSetupv80.exe
2009-11-26 00:40:51 0 d-----w- c:\program files\Drug Wars
2009-10-27 03:25:03 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-27 03:25:02 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-27 03:23:16 0 d-----w- c:\program files\iTunes
2009-10-27 03:23:16 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-27 03:22:35 0 d-----w- c:\program files\Bonjour
2009-10-02 20:42:54 181632 ------w- c:\windows\system32\MpSigStub.exe
2009-09-22 20:15:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2009-09-22 20:15:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2009-09-22 20:14:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2009-09-22 19:29:30 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2009-09-22 19:29:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-09-05 05:54:48 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 05:54:48 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-08-21 15:23:20 930321 ----a-w- c:\windows\setupapi.old
2009-08-19 22:07:18 1415000 ----a-w- c:\windows\system32\msxml6.dll
2009-08-17 16:37:56 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll
2009-08-17 16:37:56 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2009-08-15 07:07:46 0 d-----w- c:\windows\SxsCaPendDel
2009-08-12 07:02:44 0 d-----w- c:\windows\ServicePackFiles
2009-08-07 00:24:18 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2009-08-07 00:24:12 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-08-07 00:24:06 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-08-07 00:24:00 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-08-04 17:20:00 0 d-----w- c:\program files\ybasyj
2009-07-21 18:19:22 0 d-----w- c:\windows\usb-audio.deBehringer2902
2009-07-21 05:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-20 14:02:42 0 d-----w- c:\program files\Audacity
2009-07-20 12:59:44 340480 ----a-r- c:\windows\system32\drivers\BUSB2902.sys
2009-07-20 12:52:24 0 d-----w- c:\program files\energyXT2
2009-07-20 12:45:16 0 d-----w- c:\program files\Native Instruments
2009-07-17 07:25:00 0 d-----w- c:\program files\Western Digital
2009-07-17 07:20:19 0 d-s---w- c:\docume~1\alluse~1\applic~1\Memeo
2009-07-12 15:27:24 0 d-----w- c:\program files\WhatsRunning
2009-06-27 10:20:29 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-27 10:14:01 0 d-----w- c:\program files\SUPERAntiSpyware
2009-06-10 07:03:42 118 ----a-w- c:\windows\system32\MRT.INI
2009-06-01 20:06:38 0 d-sh--w- c:\documents and settings\all users\DRM
2009-03-12 14:44:32 0 d-----w- c:\program files\HI-TECH Software
2009-03-12 14:32:07 0 d-----w- c:\program files\National Instruments
2009-03-12 14:31:13 0 d-----w- c:\docume~1\alluse~1\applic~1\National Instruments
2009-03-09 22:23:09 0 d-----w- c:\program files\Puzzle Quest
2009-03-08 16:27:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-08 14:54:44 54156 ---ha-w- c:\windows\QTFont.qfn
2009-03-08 14:54:44 1409 ----a-w- c:\windows\QTFont.for
2009-03-06 08:02:05 0 d-----w- c:\program files\MSXML 6.0
2009-03-05 23:07:35 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2009-03-04 18:29:12 0 d-----w- c:\windows\system32\XPSViewer
2009-03-04 18:17:58 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2009-03-04 18:16:39 0 d-----w- c:\windows\Logs
2009-03-01 17:32:28 0 d-----w- c:\windows\Puzzle Quest
2009-03-01 17:32:10 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-03-01 17:32:07 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-02-26 08:05:05 0 d-----w- c:\program files\WinAce
2009-02-22 05:44:23 715248 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-02-10 07:46:19 0 d-----w- c:\program files\uTorrent
2008-12-15 00:08:43 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2008-12-15 00:08:43 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2008-12-15 00:08:27 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2008-12-15 00:08:27 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2008-12-15 00:06:16 37760 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2008-12-15 00:06:16 25216 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2008-12-12 15:18:16 87336 ----a-w- c:\windows\system32\dns-sd.exe
2008-12-12 15:11:46 61440 ----a-w- c:\windows\system32\dnssd.dll
2008-11-15 14:47:18 14618605 ----a-w- c:\windows\vlc-0.9.6-win32.exe
2008-11-04 07:07:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-11-04 07:07:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-11-04 07:05:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-11-03 23:36:59 464384 ----a-w- c:\windows\system32\imapi2fs.dll
2008-11-03 23:36:58 317952 ----a-w- c:\windows\system32\imapi2.dll
2008-10-16 04:34:41 0 d-----w- c:\program files\Pando Networks
2008-09-18 11:11:30 0 d-----w- c:\windows\system32\CatRoot_bak
2008-08-27 21:19:00 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2008-08-27 21:19:00 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2008-07-30 01:28:23 0 d-----w- c:\program files\Guitar Pro 5
2008-07-30 01:10:04 73720 ----a-w- c:\windows\system32\dxva2.dll
2008-07-30 01:10:04 493048 ----a-w- c:\windows\system32\evr.dll
2008-07-30 01:10:04 26112 ----a-w- c:\windows\system32\TsWpfWrp.exe
2008-07-30 00:35:46 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2008-07-29 23:59:58 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2008-07-29 23:59:58 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2008-07-29 23:59:58 161296 ----a-w- c:\windows\system32\UIAutomationCore.dll
2008-07-29 23:59:58 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 23:24:50 97800 ----a-w- c:\windows\system32\infocardapi.dll
2008-07-29 23:24:50 622080 ----a-w- c:\windows\system32\icardagt.exe
2008-07-29 23:24:50 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2008-07-29 23:24:50 11264 ----a-w- c:\windows\system32\icardres.dll
2008-07-29 09:49:58 586240 ----a-w- c:\windows\system32\icardres.dll.mui
2008-07-25 15:16:58 83968 ----a-w- c:\windows\system32\mscories.dll
2008-07-25 15:16:58 282112 ----a-w- c:\windows\system32\mscoree.dll
2008-07-25 15:16:58 158720 ----a-w- c:\windows\system32\mscorier.dll
2008-07-25 15:16:46 96760 ----a-w- c:\windows\system32\dfshim.dll
2008-07-14 00:30:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-07-14 00:30:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-07-14 00:30:27 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2008-07-09 00:07:14 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-07-09 00:07:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-07-09 00:07:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2008-07-08 22:05:32 0 d-----w- c:\program files\Spybot - Search & Destroy
2008-07-08 22:05:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-05-08 01:33:22 0 d-----w- C:\Converted
2008-05-08 01:29:44 508544 ----a-w- c:\windows\system32\drivers\MusCDriverV32.sys
2008-05-08 01:29:44 3768 ----a-w- c:\windows\system32\drivers\MusCVideo32.sys
2008-04-17 23:11:06 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2008-04-12 14:25:06 0 d-----w- c:\program files\Dell Support Center
2008-04-12 14:25:00 0 d-----w- c:\program files\common files\supportsoft
2008-04-12 04:43:37 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2008-04-12 04:41:46 0 d-----w- c:\program files\common files\AVSMedia
2008-04-12 04:41:14 24576 ----a-w- c:\windows\system32\msxml3a.dll
2008-04-12 04:41:14 156910 ----a-w- c:\windows\WMSysPr8.prx
2008-04-12 04:41:12 53248 ----a-w- c:\windows\system32\xvid.ax
2008-04-12 04:41:12 524288 ----a-w- c:\windows\system32\xvidcore.dll
2008-04-12 04:41:12 261632 ----a-w- c:\windows\system32\mcdvd_32.dll
2008-04-12 04:41:12 139264 ----a-w- c:\windows\system32\xvidvfw.dll
2008-04-12 04:41:11 82944 ----a-w- c:\windows\system32\vct3216.acm
2008-04-12 04:41:11 81920 ----a-w- c:\windows\system32\AC3ACM.acm
2008-04-12 04:41:11 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2008-04-12 04:41:11 38912 ----a-w- c:\windows\system32\alf2cd.acm
2008-04-12 04:41:11 13239 ----a-w- c:\windows\system32\Scg726.acm
2008-04-12 03:43:43 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2008-04-12 02:33:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2008-04-12 02:33:24 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-05 22:21:42 0 d-----w- c:\program files\Western Digital Technologies
2008-03-29 21:06:26 23392 ----a-w- c:\windows\system32\nscompat.tlb
2008-03-29 21:06:26 16832 ----a-w- c:\windows\system32\amcompat.tlb
2008-03-29 21:06:23 0 d-----w- c:\program files\Windows Media Connect 2
2008-03-28 22:30:17 0 d-----w- c:\program files\CCleaner
2008-03-28 22:07:49 45 ----a-w- c:\windows\system32\RPVersion.ini
2008-03-28 22:04:32 0 d-----w- c:\program files\RegistryPatrol3.0
2008-02-16 12:26:09 0 d-----w- c:\program files\Lavasoft
2008-02-08 21:22:07 0 d-----w- c:\program files\common files\INCA Shared
2007-12-28 21:10:59 0 d-----w- c:\program files\Activision Value
2007-12-12 20:51:50 147456 ----a-w- c:\windows\system32\AbsoluteHttp.dll
2007-11-30 22:16:18 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2007-11-27 19:38:06 348 ----a-w- c:\windows\system32\lookout.sec
2007-10-23 21:21:02 0 d-----w- c:\program files\Speech
2007-08-27 19:56:58 1089440 ----a-w- c:\program files\msidcrl40.dll
2007-08-17 16:28:24 125 ----a-w- C:\ioSpecial.ini
2007-08-17 16:19:23 4096 ----a-w- c:\windows\d3dx.dat
2007-08-17 15:26:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Oberon Games
2007-08-11 12:38:04 12820 ----a-w- c:\windows\system32\ifweb60
2007-07-21 01:00:47 345 ----a-w- c:\windows\disney.ini
2007-07-15 19:21:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Musicnotes
2007-06-29 19:49:34 0 d-----w- c:\program files\common files\Vbox
2007-06-29 19:48:44 0 d-----w- c:\program files\Macromedia
2007-05-15 01:38:36 0 d-----w- c:\docume~1\alluse~1\applic~1\NexonUS
2007-05-05 01:47:33 0 d-----w- c:\program files\Guitar ProSongs
2007-04-16 01:14:59 0 d-----w- c:\program files\DellSupport
2007-03-28 21:25:22 0 d-----w- c:\windows\Application Data
2007-02-25 22:20:51 109440 ----a-w- c:\windows\system32\drivers\KbdCap.sys
2007-02-25 16:10:48 5376 --s-a-w- c:\windows\system32\drivers\dsunidrv.sys
2007-01-20 17:38:32 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2007-01-20 17:38:31 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2007-01-20 17:38:31 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2007-01-20 17:38:28 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2007-01-16 01:11:52 0 d-----w- c:\program files\Dtab
2006-11-26 12:36:25 0 d-----w- c:\windows\network diagnostic
2006-11-20 15:06:54 512 ----a-w- C:\drmHeader.bin
2006-11-17 08:01:44 0 d-----w- c:\program files\MSXML 4.0
2006-11-09 01:57:05 0 d-----w- c:\program files\common files\Adobe Systems Shared
2006-11-07 08:25:58 10240 ----a-w- c:\windows\system32\advpack.dll.mui
2006-11-05 12:51:31 0 d-----w- c:\windows\system32\appmgmt
2006-11-02 12:00:10 24136 ----a-w- c:\windows\system32\winusb.dll
2006-11-02 12:00:08 39368 ----a-w- c:\windows\system32\drivers\winusb.sys
2006-11-02 11:22:54 444136 ----a-w- c:\windows\system32\drivers\wdf01000.sys
2006-11-02 11:22:52 37608 ----a-w- c:\windows\system32\drivers\wdfldr.sys
2006-10-24 17:30:20 412160 ----a-w- c:\windows\system32\photometadatahandler.dll
2006-10-24 17:30:06 716288 ----a-w- c:\windows\system32\WindowsCodecs.dll
2006-10-24 17:30:00 276992 ----a-w- c:\windows\system32\WMPhoto.dll
2006-10-24 17:29:50 352256 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2006-10-21 02:30:06 1980704 ----a-w- c:\windows\system32\milcore.dll
2006-10-19 00:00:46 249856 ----a-w- c:\windows\system32\drmupgds.exe
2006-10-19 00:00:14 17408 ----a-w- c:\windows\system32\wpdshextautoplay.exe
2006-10-17 17:02:20 991232 ----a-w- c:\windows\system32\ieframe.dll.mui
2006-10-15 01:22:00 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2006-10-15 01:21:58 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2006-10-14 21:43:38 117760 ----a-w- c:\windows\system32\prntvpt.dll
2006-10-04 22:56:30 19100 ----a-w- c:\windows\system32\pghash.dat
2006-10-04 22:56:29 94732 ----a-w- c:\windows\system32\pguard.dat
2006-10-04 01:42:00 30 ----a-w- C:\antiprevet.ini
2006-10-02 19:28:42 312128 ----a-w- c:\windows\system32\msdelta.dll
2006-09-29 00:13:26 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2006-09-28 23:00:34 132224 ----a-w- c:\windows\system32\drivers\WudfRd.sys
2006-09-28 22:56:38 567808 ----a-w- c:\windows\system32\WUDFx.dll
2006-09-28 22:56:38 195584 ----a-w- c:\windows\system32\WudfHost.exe
2006-09-28 22:56:16 148480 ----a-w- c:\windows\system32\WudfPlatform.dll
2006-09-28 22:56:14 64512 ----a-w- c:\windows\system32\WudfSvc.dll
2006-09-28 22:55:50 91904 ----a-w- c:\windows\system32\drivers\WudfPf.sys
2006-09-28 22:49:40 30 ----a-w- C:\antiprevet2.ini
2006-09-27 21:53:22 36560 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2006-09-26 01:05:06 0 d-sh--w- c:\windows\ftpcache
2006-09-23 17:12:38 74715 ----a-w- c:\windows\system32\IE7Eula.rtf
2006-09-01 12:44:04 8798 ----a-w- c:\windows\system32\icrav03.rat
2006-09-01 12:44:04 1988 ----a-w- c:\windows\system32\ticrf.rat
2006-08-24 21:15:06 150808 ----a-w- c:\windows\system32\rgb9rast_2.dll
2006-08-23 11:32:49 0 d-----w- c:\program files\DivX
2006-08-21 20:45:04 20480 ----a-w- c:\windows\system32\UnInstall_KAccess.exe
2006-08-21 20:45:04 0 d-----w- c:\program files\KSIGN
2006-08-21 20:26:16 0 d-----w- c:\program files\Ntreev
2006-08-04 15:37:37 73728 ----a-w- c:\windows\system32\dpl100.dll
2006-08-04 15:37:37 196608 ----a-w- c:\windows\system32\dtu100.dll
2006-07-28 11:54:02 0 d-----w- c:\windows\system32\LogFiles
2006-07-27 17:42:55 7680 --sha-w- c:\windows\Thumbs.db
2006-07-27 16:28:09 0 d-----w- c:\program files\common files\Wise Installation Wizard
2006-07-27 02:05:58 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2006-07-19 15:55:18 86728 ----a-w- c:\windows\system32\msxml6r.dll
2006-07-16 11:44:31 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2006-07-16 11:44:30 129 ----a-w- c:\windows\primopdf.ini
2006-07-16 11:44:20 0 d-----w- c:\windows\PrimoPDF
2006-07-16 11:44:20 0 d-----w- c:\program files\activePDF
2006-07-03 21:40:50 778240 ----a-w- c:\windows\system32\divx_xx0c.dll
2006-07-03 21:40:50 778240 ----a-w- c:\windows\system32\divx_xx07.dll
2006-07-03 21:40:49 761856 ----a-w- c:\windows\system32\divx_xx11.dll
2006-07-03 21:40:49 620180 ----a-w- c:\windows\system32\DivX.dll
2006-06-30 02:35:11 0 d-----w- c:\program files\Power Tab Software
2006-06-29 13:05:44 26112 ----a-w- c:\windows\system32\idndl.dll
2006-06-29 13:05:44 23552 ----a-w- c:\windows\system32\normaliz.dll
2006-06-28 22:59:26 24576 ----a-w- c:\windows\system32\nlsdl.dll
2006-06-27 01:28:47 704512 ----a-w- c:\windows\system32\divxdec.ax
2006-06-26 21:36:24 227 ----a-w- c:\windows\PowerReg.dat
2006-06-26 21:36:22 45568 ----a-r- c:\windows\UniFish3.exe
2006-06-21 19:41:42 352401 ----a-w- c:\windows\system32\DivXMedia.ax
2006-06-21 10:49:46 53248 ----a-w- c:\windows\system32\dpuGUI10.dll
2006-06-21 10:43:08 520192 ----a-w- c:\windows\system32\DivXsm.exe
2006-06-21 10:43:08 4276 ----a-w- c:\windows\system32\divxsm.tlb
2006-06-21 10:43:08 15507 ----a-w- c:\windows\system32\dsm_de.qm
2006-06-21 10:43:08 15299 ----a-w- c:\windows\system32\dsm_fr.qm
2006-06-21 10:43:08 10863 ----a-w- c:\windows\system32\dsm_ja.qm
2006-06-21 10:42:56 200704 ----a-w- c:\windows\system32\ssldivx.dll
2006-06-21 10:42:56 1044480 ----a-w- c:\windows\system32\libdivx.dll
2006-06-21 10:34:21 593920 ----a-w- c:\windows\system32\dpuGUI11.dll
2006-06-21 10:34:21 57344 ----a-w- c:\windows\system32\dpv11.dll
2006-06-21 10:34:21 344064 ----a-w- c:\windows\system32\dpus11.dll
2006-06-21 10:34:21 294912 ----a-w- c:\windows\system32\dpu11.dll
2006-06-21 10:34:21 294912 ----a-w- c:\windows\system32\dpu10.dll
2006-06-21 10:33:40 12288 ----a-w- c:\windows\system32\DivXWMPExtType.dll
2006-06-21 10:33:40 118784 ----a-w- c:\windows\system32\DivXCodecUpdateChecker.exe
2006-06-15 20:21:57 14146 ----a-w- c:\windows\system32\nmesrvc_core_2006_6_15_16_21_55.dmp
2006-06-11 10:27:26 0 d-----w- c:\program files\Skype
2006-06-08 17:06:50 66384 ----a-w- c:\windows\system32\normnfkc.nls
2006-06-08 17:06:50 60294 ----a-w- c:\windows\system32\normnfkd.nls
2006-06-08 17:06:50 59342 ----a-w- c:\windows\system32\normidna.nls
2006-06-08 17:06:50 45794 ----a-w- c:\windows\system32\normnfc.nls
2006-06-08 17:06:50 39284 ----a-w- c:\windows\system32\normnfd.nls
2006-06-02 22:36:34 2550 ----a-w- c:\windows\system32\Uninstall.ico
2006-06-02 22:36:34 1406 ----a-w- c:\windows\system32\Help.ico
2006-06-02 09:50:44 0 d-----w- c:\program files\ewido anti-malware
2006-06-01 18:47:07 27648 -c----w- c:\windows\system32\dllcache\jgpl400.dll
2006-06-01 18:47:07 163840 -c----w- c:\windows\system32\dllcache\jgdw400.dll
2006-05-02 10:49:47 0 d-----w- c:\program files\SSH Communications Security
2006-04-22 11:28:12 0 d-----w- c:\program files\Camel's MPEGJoin
2006-04-22 11:28:03 286720 ----a-w- c:\windows\Setup1.exe
2006-04-22 11:28:02 73216 ----a-w- c:\windows\ST6UNST.EXE
2006-04-05 01:11:54 0 d-----w- c:\program files\iPod
2006-04-03 14:59:54 128 ----a-w- c:\windows\system32\xposer.cfg
2006-04-03 14:59:16 128 ----a-w- c:\windows\system32\asinst.cfg
2006-03-20 21:33:54 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2006-03-17 00:38:01 28672 ----a-w- c:\windows\system32\verclsid.exe
2006-02-25 16:54:42 107134 ----a-w- c:\windows\UninstallFirefox.exe
2006-02-19 15:38:57 2560 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2006-02-19 15:38:57 2432 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2006-02-12 02:43:04 0 d-----w- C:\Adobe
2006-02-08 01:12:59 0 -c--a-w- c:\windows\system32\nmesrvc_core_2006_2_7_20_12_58.dmp
2006-02-06 10:54:22 0 d-----w- c:\windows\system32\Adobe
2005-12-11 12:49:11 87488 ----a-w- c:\windows\system32\drivers\drvmcdb.sys
2005-12-11 12:49:11 40480 ----a-w- c:\windows\system32\drivers\drvnddm.sys
2005-12-11 12:49:10 98358 ----a-w- c:\windows\dla.exe
2005-12-11 12:49:10 61498 ----a-w- c:\windows\system32\tfswapi.dll
2005-12-11 12:49:10 5627 ----a-w- c:\windows\system32\drivers\sscdbhk5.sys
2005-12-11 12:49:10 23545 ----a-w- c:\windows\system32\drivers\ssrtln.sys
2005-10-31 19:48:29 38229 ----a-w- c:\windows\system32\drivers\StMp3Rec.sys
2005-10-19 16:44:38 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2005-10-19 16:44:38 4682 ----a-w- c:\windows\system32\npptNT2.sys
2005-09-28 00:31:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Napster
2005-09-28 00:31:03 0 d-----w- c:\program files\Napster
2005-09-28 00:11:58 0 d-----w- c:\program files\illiminable
2005-09-28 00:09:57 0 d-----w- c:\program files\Yahoo!
2005-09-20 15:14:26 24736 ----a-w- c:\windows\system32\igxpxs32.vp
2005-09-20 14:52:34 61440 ----a-w- c:\windows\system32\iAlmCoIn_v4396.dll
2005-09-20 14:44:50 524288 ----a-w- c:\windows\system32\igldev32.dll
2005-09-20 14:43:00 2310144 ----a-w- c:\windows\system32\iglicd32.dll
2005-09-20 14:36:46 143360 ----a-w- c:\windows\system32\igfxrrus.lrc
2005-09-20 14:32:16 159744 ----a-w- c:\windows\system32\igfxsrvc.exe
2005-09-20 14:26:40 929 ----a-w- c:\windows\system32\igxpxa32.vp
2005-09-20 14:26:40 58704 ----a-w- c:\windows\system32\igxpxk32.vp
2005-09-20 14:26:40 524850 ----a-w- c:\windows\system32\igxpxa32.cpa
2005-09-06 09:00:47 0 d-----w- c:\windows\system32\NtmsData
2005-09-04 13:08:44 77824 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2005-09-02 17:57:08 1071 ----a-w- c:\windows\AWMODEM.INF
2005-08-28 09:34:28 5220 ----a-r- c:\windows\system32\drivers\CVirtA.sys
2005-08-28 09:33:38 138916 ----a-w- c:\windows\system32\drivers\dne2000.sys
2005-08-28 09:33:38 114000 ----a-w- c:\windows\system32\dneinobj.dll
2005-07-12 23:04:22 23304 ----a-w- c:\windows\system32\GWFSPidGen.dll
2005-07-03 12:38:57 0 d-----w- C:\TEMP
2005-07-03 11:48:29 28672 ----a-w- c:\windows\system32\JAWTAccessBridge.dll
2005-07-03 11:48:29 139264 ----a-w- c:\windows\system32\JavaAccessBridge.dll
2005-06-29 07:00:31 0 d-----w- c:\windows\system32\PreInstall
2005-06-15 17:32:45 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2005-06-07 23:21:31 149504 ----a-w- c:\windows\UNWISE.EXE
2005-06-07 23:19:37 89088 ----a-w- c:\windows\system32\atl71.dll
2005-04-15 22:58:16 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2005-03-05 17:33:37 184320 ----a-w- c:\windows\system32\gtdownde_110.ocx
2005-03-05 17:33:37 1099 ----a-w- c:\windows\system32\gtdownde_110.inf
2005-02-26 10:06:48 0 d-----w- c:\windows\system32\mclsphlr
2005-02-26 10:06:47 114688 ----a-w- c:\windows\system32\mclsp.dll
2005-02-26 10:06:46 32768 ----a-w- c:\windows\system32\instlsp.exe
2005-02-26 10:06:45 11264 ----a-w- c:\windows\system32\sporder.dll
2005-02-22 23:39:07 0 d-----w- c:\program files\AOD
2005-02-22 23:38:45 13841 ----a-w- c:\windows\mozver.dat
2005-02-22 23:37:29 0 d-----w- c:\program files\Netscape
2005-02-18 03:31:24 291328 ----a-w- c:\windows\system32\xzipper30.ocx
2005-02-17 21:29:22 57344 ----a-w- c:\windows\system32\CGZipLibrary.dll
2005-02-12 19:42:59 8096 ----a-w- c:\windows\system32\OLEGUIDS.TLB
2005-02-12 19:09:18 18728 ----a-w- c:\windows\system32\ISHF_Ex.tlb
2005-02-12 19:08:39 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2005-02-12 18:43:01 245760 ----a-w- c:\windows\system32\vbalColumnTreeView6.ocx
2005-02-05 19:57:19 982 ----a-w- c:\windows\eReg.dat
2005-01-23 14:55:54 61440 ----a-w- c:\windows\system32\iAlmCoIn_v4020.dll
2005-01-22 14:01:01 0 d-----w- c:\program files\OfficeUpdate11
2005-01-22 13:58:14 376 ----a-w- c:\windows\ODBC.INI
2005-01-22 13:58:10 24816 ----a-w- c:\windows\system32\mdimon.dll
2005-01-22 13:57:43 0 d-----w- c:\program files\Microsoft ActiveSync
2005-01-18 01:15:16 5632 ----a-w- c:\windows\system32\ptpusb.dll
2005-01-18 01:15:15 159232 ----a-w- c:\windows\system32\ptpusd.dll
2005-01-04 00:03:50 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap
2005-01-01 13:49:02 1031 ----a-w- c:\windows\cdPlayer.ini
2004-12-27 14:38:08 790 ----a-w- c:\windows\dellstat.ini
2004-12-27 14:36:22 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2004-12-27 14:36:22 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2004-12-27 14:36:09 0 d-----w- c:\program files\Dell Photo AIO Printer 922
2004-12-27 14:36:06 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2004-12-27 14:36:06 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2004-12-27 14:36:02 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2004-12-27 14:36:02 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2004-12-24 11:33:11 0 d-----w- c:\windows\pss
2004-12-22 03:12:29 0 d-----w- C:\home
2004-12-21 10:22:54 2 ----a-w- c:\windows\msoffice.ini
2004-12-21 03:05:19 0 d-----w- c:\program files\WildTangent
2004-12-21 03:05:02 0 d-----w- c:\program files\AWS
2004-12-21 02:43:24 35552 -c--a-w- c:\windows\system32\dllcache\wups.dll
2004-12-21 02:43:24 0 d-----w- c:\windows\system32\SoftwareDistribution
2004-12-21 02:31:50 8192 ----a-w- c:\windows\REGLOCS.OLD
2004-12-16 14:10:03 61 ----a-w- c:\windows\smscfg.ini
2004-12-16 14:09:10 89440 ----a-w- c:\windows\system32\Status.MPF
2004-12-16 14:08:22 0 d--h--w- c:\windows\$hf_mig$
2004-12-16 14:08:17 87 ----a-w- C:\SystemInfo.ini
2004-12-16 14:08:03 0 d-s---w- c:\windows\occache
2004-12-16 14:08:03 0 d-----w- c:\program files\Learn2.com
2004-12-16 14:08:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint
2004-12-16 14:07:59 1483264 ----a-w- c:\windows\system32\shdocvw.bak
2004-12-16 14:07:46 0 d-----w- c:\program files\common files\Nullsoft
2004-12-16 14:07:24 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2004-12-16 14:07:20 24576 ----a-w- c:\windows\system32\prefscpl.cpl
2004-12-16 14:07:19 0 d-----w- c:\program files\common files\Real
2004-12-16 14:06:44 29184 ----a-w- c:\windows\system32\popup.ocx
2004-12-16 14:06:26 221184 ----a-w- c:\windows\system32\wmpns.dll
2004-12-16 14:06:13 503808 ----a-w- c:\windows\system32\msvcp71.dll
2004-12-16 14:06:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2004-12-16 14:06:00 746 ---ha-w- C:\IPH.PH
2004-12-16 14:06:00 0 d-----w- c:\program files\common files\AOL
2004-12-16 14:04:54 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee.com
2004-12-16 14:04:34 110080 ----a-w- c:\windows\system32\pxinsi64.exe
2004-12-16 14:04:34 109056 ----a-w- c:\windows\system32\pxcpyi64.exe
2004-12-16 14:03:22 0 d-----w- c:\program files\Dell Inc
2004-12-16 14:02:20 0 d-----w- c:\program files\Jasc Software Inc
2004-12-16 14:02:20 0 d-----w- c:\program files\common files\Jasc Software Inc
2004-12-16 14:02:02 2888 ----a-w- c:\windows\system32\OEMINFO.PNF
2004-12-16 14:01:47 780 ----a-w- c:\windows\wininit.ini
2004-12-16 14:01:47 0 d-----w- c:\windows\system32\dla
2004-12-16 14:01:45 0 d-----w- c:\program files\common files\Sonic
2004-12-16 14:01:19 0 d-----w- c:\program files\Sonic
2004-12-16 14:01:12 0 d-----w- c:\program files\Microsoft Plus! Photo Story 2 LE
2004-12-16 14:01:08 0 d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2004-12-16 14:00:15 0 d-----w- c:\program files\MUSICMATCH
2004-12-16 13:59:40 0 d-----w- c:\windows\RegisteredPackages
2004-12-16 13:58:51 0 d--h--w- c:\windows\ShellNew
2004-12-16 13:58:24 0 d-----w- c:\program files\Your Company Name
2004-12-16 13:57:09 0 d-----w- c:\program files\Dell
2004-12-16 13:56:43 0 d-----w- c:\program files\NetWaiting
2004-12-16 13:56:36 0 d-----w- c:\program files\Digital Line Detect
2004-12-16 13:56:29 0 d-----w- c:\program files\Modem Helper
2004-12-16 13:55:37 0 d-----w- c:\program files\Analog Devices
2004-12-16 13:45:34 526586 ----a-w- c:\windows\system32\PerfStringBackup.INI
2004-12-16 13:44:43 0 d-----w- c:\windows\system32\ReinstallBackups
2004-12-16 13:44:24 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2004-12-16 13:44:24 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2004-12-16 13:44:23 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2004-12-16 13:44:23 4096 ----a-w- c:\windows\system32\ksuser.dll
2004-12-16 13:44:23 130048 -c--a-w- c:\windows\system32\dllcache\ksproxy.ax
2004-12-16 13:44:23 130048 ----a-w- c:\windows\system32\ksproxy.ax
2004-12-16 13:44:21 0 d-----w- c:\program files\CONEXANT
2004-12-16 13:44:04 2206 ----a-w- c:\windows\system32\WPA.DBL
2004-12-16 13:31:10 4765 ---ha-r- C:\DELL.SDR
2004-12-16 13:04:46 0 d---a-w- C:\DRIVERS
2004-12-16 13:04:38 4765 ----a-w- c:\windows\system32\drivers\1028_Dell_DIM_DIM3000.mrk
2004-12-16 12:57:00 0 d--h--w- c:\program files\WindowsUpdate
2004-12-16 12:56:52 0 d-----w- c:\program files\Online Services
2004-12-16 12:56:50 0 d-----w- c:\program files\MSN Gaming Zone
2004-12-16 12:56:50 0 d-----w- c:\program files\Messenger
2004-12-16 12:56:30 0 d-----w- c:\program files\Windows NT
2004-12-16 12:56:28 0 d-----w- c:\program files\common files\MSSoap
2004-12-16 12:56:26 0 d-----w- c:\program files\common files\ODBC
2004-12-16 12:56:24 0 d-----w- c:\program files\common files\SpeechEngines
2004-12-16 12:56:22 0 d-sh--w- c:\documents and settings\all users\DRMbackup
2004-12-16 12:56:20 0 d-----w- c:\docume~1\alluse~1\applic~1\SBSI
2004-12-16 12:56:20 0 d-----r- c:\documents and settings\all users\Documents
2004-11-14 17:07:49 0 d-----w- c:\program files\PC-home
2004-11-13 07:06:32 0 d-----w- c:\program files\Sandboxie
2004-11-10 16:30:21 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files

==================== Find3M ====================

2010-03-10 08:02:04 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 06:12:23 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12:17 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31:30 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:19:55 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39:04 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01:43 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-15 12:25:13 340656 ----a-w- c:\windows\fonts\black_metal_logos_dingbats.ttf
2010-01-13 14:10:54 85504 ----a-w- c:\windows\system32\cabview.dll
2010-01-07 18:24:16 232448 ----a-w- c:\program files\l3codecp.acm
2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 12:39:09 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-24 07:05:26 177664 ----a-w- c:\windows\system32\wintrust.dll
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-27 17:33:35 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:33:35 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:37:27 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:37:27 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37:27 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37:27 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37:27 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58:48 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-16 03:51:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-10-15 17:21:47 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 09:47:14 352256 ----a-w- c:\windows\system32\winhttp.dll
2009-08-14 12:19:41 1850112 ----a-w- c:\windows\system32\win32k.sys
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 04:57:32 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 18:55:28 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:27:47 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-13 15:08:14 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 18:36:08 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36:08 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36:08 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36:08 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36:08 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36:08 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36:08 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36:08 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36:08 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36:08 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36:08 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36:08 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44:41 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44:41 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44:41 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44:41 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44:41 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-22 11:49:23 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49:23 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49:04 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48:44 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34:52 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 11:50:54 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50:53 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 06:32:40 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42:37 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-05-07 15:44:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-15 15:11:19 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-02 03:02:22 604160 ----a-w- c:\windows\system32\wmspdmod.dll
2009-03-09 19:27:22 30812 ----a-w- c:\windows\fonts\brutal-tooth.ttf
2009-03-06 14:44:35 283648 ----a-w- c:\windows\system32\pdh.dll
2009-02-09 10:20:34 399360 ----a-w- c:\windows\system32\rpcss.dll
2009-02-09 10:20:33 714752 ----a-w- c:\windows\system32\ntdll.dll
2009-02-09 10:20:33 616960 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 10:20:33 473088 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 10:20:32 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-06 17:14:03 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 16:54:36 35328 ----a-w- c:\windows\system32\sc.exe
2009-02-06 16:39:29 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2008-10-23 13:01:36 283648 ----a-w- c:\windows\system32\gdi32.dll
2008-08-14 09:51:43 138368 ----a-w- c:\windows\system32\drivers\afd.sys
2008-07-31 15:41:54 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2008-07-31 15:41:52 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2008-07-31 15:40:32 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2008-07-12 13:18:52 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2008-07-12 13:18:52 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2008-07-12 13:18:52 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2008-07-07 20:32:22 253952 ----a-w- c:\windows\system32\es.dll
2008-06-24 22:12:58 295936 ----a-w- c:\windows\system32\wmpeffects.dll
2008-06-24 16:23:05 74240 ----a-w- c:\windows\system32\mscms.dll
2008-06-20 17:41:10 245248 ----a-w- c:\windows\system32\mswsock.dll
2008-06-20 10:45:13 360320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-06-18 09:03:08 938496 ----a-w- c:\windows\system32\WMNetmgr.dll
2008-06-18 05:09:22 100864 ----a-w- c:\windows\system32\logagent.exe
2008-06-13 13:10:50 272128 ----a-w- c:\windows\system32\drivers\bthport.sys
2008-06-12 14:16:46 956928 ----a-w- c:\windows\system32\msdtctm.dll
2008-06-12 14:16:46 91648 ----a-w- c:\windows\system32\mtxoci.dll
2008-06-12 14:16:46 66560 ----a-w- c:\windows\system32\mtxclu.dll
2008-06-12 14:16:46 58880 ----a-w- c:\windows\system32\msdtclog.dll

============= FINISH: 14:39:16.79 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 ChuckLHead

ChuckLHead
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 28 July 2010 - 07:09 AM

Addition: I managed to get gmer to run by right-clicking it and selecting "Run As" and selecting Administrator.

I am attaching the resulting gmer log file for review.

Also, to try to resolve the "Please select a program to run this file" message that I am getting, I ran a registry update script to try to repair the file associations. This does not appear to have helped as I am still unable to click on FF and have it run. It still opens the "Please select a program..." window. Also, I tried re-running FF by right-clicking the icon and selecting "Run As" - Administrator. Now it gives me a message that FF crashed. sad.gif

Help is greatly appreciated.

ChuckLHead

Edited by ChuckLHead, 28 July 2010 - 07:13 AM.


#3 ChuckLHead

ChuckLHead
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 28 July 2010 - 07:55 PM

I've managed to resolve at least part of the problem. I got my McAfee to work and then MBAM. Between them, they cleaned out 28 infections.

I ran a registry repair which seems to have resolved the issue with the "What program do you want to use to run this file".

I'm not sure if this is the W32/Swen virus and if the machine is totally clean.

I successfully re-ran DDS and GMER and am providing the DDS information here. GMER will be attached to a follow-up message.

Help is still appreciated.

Thanks,

ChuckLHead

DDS.txt*******


DDS (Ver_10-03-17.01) - NTFSx86
Run by Gator at 18:32:54.52 on Wed 07/28/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.386 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\WINDOWS\System32\svchost.exe -k nosGetPlusHelper
C:\Documents and Settings\Gator.SANDY\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTASK.EXE" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8494B5D2-DA6A-4BB8-9C15-6C18A312387E} - hxxps://ra.budco.com/ui/Axt.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxps://ra.budco.com/pdl/jt/msrdp.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gator~1.san\applic~1\mozilla\firefox\profiles\fj9sberp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\gator.sandy\application data\mozilla\firefox\profiles\fj9sberp.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-21 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-21 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-3-21 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-3-21 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2007-2-25 109440]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-3-21 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-1-20 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-1-20 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-1-20 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-1-20 40552]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-12 14336]
S2 procguard;procguard;\??\c:\windows\system32\drivers\procguard.sys --> c:\windows\system32\drivers\procguard.sys [?]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2009-7-20 340480]
S3 DISK_DRIVE32;DISK_DRIVE32;\??\c:\documents and settings\troy\desktop\ultimate hack pack 4.0 public release\cheatengine\disk_1024.sys --> c:\documents and settings\troy\desktop\ultimate hack pack 4.0 public release\cheatengine\disk_1024.sys [?]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-5-7 508544]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2008-5-7 3768]
S3 NUBBER;NUBBER;\??\c:\home\troy\hacks\nubbk32.sys --> c:\home\troy\hacks\nubbk32.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 115432]
S3 sejt1;sejt1;\??\c:\documents and settings\troy\desktop\akumaengine\sejt.sys --> c:\documents and settings\troy\desktop\akumaengine\sejt.sys [?]
S3 spuce1;spuce1;\??\c:\documents and settings\troy\desktop\spuce 2.0\spuce.sys --> c:\documents and settings\troy\desktop\spuce 2.0\spuce.sys [?]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [2008-12-14 38656]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S4 0234801269193264mcinstcleanup;McAfee Application Installer Cleanup (0234801269193264);c:\docume~1\gator~1.san\locals~1\temp\023480~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\gator~1.san\locals~1\temp\023480~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================


==================== Find3M ====================

2010-07-15 19:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 18:42:02 912192 ----a-w- c:\program files\ZuneDBApi.dll
2010-01-07 18:42:02 554816 ----a-w- c:\program files\UIXcontrols.dll
2010-01-07 18:42:02 1521472 ----a-w- c:\program files\UIX.dll
2010-01-07 18:42:02 1304384 ----a-w- c:\program files\ZuneShell.dll
2010-01-07 18:42:00 644928 ----a-w- c:\program files\UIX.renderapi.dll
2010-01-07 18:24:16 232448 ----a-w- c:\program files\l3codecp.acm
2009-12-12 21:08:22 1648462032 ----a-w- c:\program files\MSSetupv80.exe
2007-08-27 19:56:58 1089440 ----a-w- c:\program files\msidcrl40.dll

============= FINISH: 18:34:39.16 ===============

Attached Files



#4 ChuckLHead

ChuckLHead
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 28 July 2010 - 08:08 PM

The GMER log is included in this message. (Too big to add as an attachment.)

ChuckLHead

ark.txt******

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-28 20:40:17
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\GATOR~1.SAN\LOCALS~1\Temp\fgtdypog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEDB7078A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEDB70821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEDB70738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEDB7074C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEDB70835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEDB70861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEDB708CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEDB708B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEDB707CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEDB708FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEDB7080D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEDB70710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEDB70724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEDB7079E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEDB70937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEDB708A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEDB7088D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEDB7084B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEDB70923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEDB7090F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEDB70776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEDB70762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEDB70877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEDB707F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEDB708E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEDB707E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEDB707B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F8B9D 7 Bytes JMP EDB707B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80567D6A 5 Bytes JMP EDB70811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056B343 7 Bytes JMP EDB70891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056BFA7 5 Bytes JMP EDB70766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8056EA01 5 Bytes JMP EDB70825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 8056EE18 7 Bytes JMP EDB7093B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 8056F10F 3 Bytes JMP EDB708D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey + 4 8056F113 3 Bytes [6D, 90, 90] {INSD ; NOP ; NOP }
PAGE ntoskrnl.exe!NtCreateFile 8056FE58 5 Bytes JMP EDB7078E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80572159 5 Bytes JMP EDB707E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 805725D4 7 Bytes JMP EDB707CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80572F6E 5 Bytes JMP EDB70714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057331D 7 Bytes JMP EDB707A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80573EF5 7 Bytes JMP EDB7087B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 8057FDEC 7 Bytes JMP EDB708BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805820F6 7 Bytes JMP EDB70750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805849B4 5 Bytes JMP EDB707FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058FCDD 5 Bytes JMP EDB70728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 805908B8 5 Bytes JMP EDB708FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 8059295F 7 Bytes JMP EDB70865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80594F21 7 Bytes JMP EDB70839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B246F 5 Bytes JMP EDB7073C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062C7FB 5 Bytes JMP EDB7077A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064C488 5 Bytes JMP EDB70913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064C761 7 Bytes JMP EDB708E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064D043 7 Bytes JMP EDB708A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064D48B 7 Bytes JMP EDB7084F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064D97E 5 Bytes JMP EDB70927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
init C:\WINDOWS\System32\Drivers\kbdcap.SYS entry point in "init" section [0xF64B55B0]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6434F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[180] WS2_32.dll!send 71AB428A 5 Bytes JMP 02E7B558
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[180] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 02E7B86D
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[180] WS2_32.dll!recv 71AB615A 5 Bytes JMP 02E7B639
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[180] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 02E7B70C
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[180] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 02E7B9BB
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[208] WS2_32.dll!send 71AB428A 3 Bytes JMP 0236B558
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[208] WS2_32.dll!send + 4 71AB428E 1 Byte [90]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[208] WS2_32.dll!WSARecv 71AB4318 3 Bytes JMP 0236B86D
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[208] WS2_32.dll!WSARecv + 4 71AB431C 1 Byte [90]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[208] WS2_32.dll!recv 71AB615A 3 Bytes JMP 0236B639
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[208] WS2_32.dll!recv + 4 71AB615E 1 Byte [90]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[208] WS2_32.dll!WSASend 71AB6233 3 Bytes JMP 0236B70C
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[208] WS2_32.dll!WSASend + 4 71AB6237 1 Byte [90]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[208] WS2_32.dll!closesocket 71AB9639 3 Bytes JMP 0236B9BB
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[208] WS2_32.dll!closesocket + 4 71AB963D 1 Byte [90]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[252] WS2_32.dll!send 71AB428A 5 Bytes JMP 022AB558
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[252] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 022AB86D
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[252] WS2_32.dll!recv 71AB615A 5 Bytes JMP 022AB639
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[252] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 022AB70C
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[252] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 022AB9BB
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[444] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[444] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[444] WS2_32.dll!send 71AB428A 5 Bytes JMP 0221B558
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[444] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0221B86D
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[444] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0221B639
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[444] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0221B70C
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[444] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0221B9BB
.text C:\Program Files\DellSupport\DSAgnt.exe[452] ws2_32.dll!send 71AB428A 5 Bytes JMP 01CDB558
.text C:\Program Files\DellSupport\DSAgnt.exe[452] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 01CDB86D
.text C:\Program Files\DellSupport\DSAgnt.exe[452] ws2_32.dll!recv 71AB615A 5 Bytes JMP 01CDB639
.text C:\Program Files\DellSupport\DSAgnt.exe[452] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 01CDB70C
.text C:\Program Files\DellSupport\DSAgnt.exe[452] ws2_32.dll!closesocket 71AB9639 5 Bytes JMP 01CDB9BB
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[516] WS2_32.dll!send 71AB428A 5 Bytes JMP 012FB558
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[516] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 012FB86D
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[516] WS2_32.dll!recv 71AB615A 5 Bytes JMP 012FB639
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[516] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 012FB70C
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[516] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 012FB9BB
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[624] WS2_32.dll!send 71AB428A 5 Bytes JMP 0143B558
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[624] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0143B86D
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[624] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0143B639
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[624] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0143B70C
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[624] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0143B9BB
.text C:\WINDOWS\system32\winlogon.exe[668] Secur32.dll!LsaLogonUser 77FE33F1 5 Bytes JMP 01342946
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01C70000
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01C70064
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01C70F6F
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01C70F8A
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01C70047
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01C70FB6
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!GetStartupInfoW 7C801E50 1 Byte [E9]
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01C70F54
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01C70090
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01C70F43
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01C700D2
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01C70F32
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01C70FA5
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01C70011
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01C7007F
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01C70FD1
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01C70022
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01C700B7
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 01C60FC0
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 01C60F9E
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 01C6001B
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 01C60000
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 01C60051
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 01C60FEF
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 01C60FAF
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 01C60036
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01C50064
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!system 77C293C7 5 Bytes JMP 01C50049
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01C5001D
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01C50FE3
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01C5002E
.text C:\WINDOWS\system32\services.exe[712] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01C50000
.text C:\WINDOWS\system32\services.exe[712] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01C30000
.text C:\WINDOWS\system32\services.exe[712] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 01C4001B
.text C:\WINDOWS\system32\services.exe[712] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 01C4000A
.text C:\WINDOWS\system32\services.exe[712] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 01C40FD9
.text C:\WINDOWS\system32\services.exe[712] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 01C40036
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E30F83
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E30078
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E30F9E
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E30FB9
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E30051
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E30F68
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E300B0
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E300E3
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E300D2
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00E30F25
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00E30FCA
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00E30FE5
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00E30093
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00E3002C
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00E3001B
.text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00E300C1
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00E20FDB
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00E20F9E
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00E20022
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00E20011
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00E20FAF
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00E20FC0
.text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00E20047
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E10F7F
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E1000A
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E10FB5
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E10FE3
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E10F9A
.text C:\WINDOWS\system32\lsass.exe[732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E10FC6
.text C:\WINDOWS\system32\lsass.exe[732] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B50FEF
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F8D
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0082
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0065
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F6B
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F7C
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00E9
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00D8
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001A0F35
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001A004A
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001A00A7
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001A0025
.text C:\WINDOWS\Explorer.EXE[844] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001A0F50
.text C:\WINDOWS\Explorer.EXE[844] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 0028002C
.text C:\WINDOWS\Explorer.EXE[844] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 0028007A
.text C:\WINDOWS\Explorer.EXE[844] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0028001B
.text C:\WINDOWS\Explorer.EXE[844] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00280FE5
.text C:\WINDOWS\Explorer.EXE[844] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00280069
.text C:\WINDOWS\Explorer.EXE[844] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00280000
.text C:\WINDOWS\Explorer.EXE[844] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00280058
.text C:\WINDOWS\Explorer.EXE[844] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 0028003D
.text C:\WINDOWS\Explorer.EXE[844] USER32.dll!DisplayExitWindowsWarnings 7E459D61 5 Bytes JMP 01712758
.text C:\WINDOWS\Explorer.EXE[844] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290FAD
.text C:\WINDOWS\Explorer.EXE[844] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290038
.text C:\WINDOWS\Explorer.EXE[844] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0029000C
.text C:\WINDOWS\Explorer.EXE[844] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[844] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290027
.text C:\WINDOWS\Explorer.EXE[844] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290FDE
.text C:\WINDOWS\Explorer.EXE[844] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 002B0025
.text C:\WINDOWS\Explorer.EXE[844] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 002B0000
.text C:\WINDOWS\Explorer.EXE[844] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\Explorer.EXE[844] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 002B0042
.text C:\WINDOWS\Explorer.EXE[844] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 017E000A
.text C:\WINDOWS\Explorer.EXE[844] WS2_32.dll!send 71AB428A 5 Bytes JMP 017BB558
.text C:\WINDOWS\Explorer.EXE[844] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 017BB86D
.text C:\WINDOWS\Explorer.EXE[844] WS2_32.dll!recv 71AB615A 5 Bytes JMP 017BB639
.text C:\WINDOWS\Explorer.EXE[844] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 017BB70C
.text C:\WINDOWS\Explorer.EXE[844] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 017BB9BB
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02410000
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02410F8F
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0241008E
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02410073
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02410062
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02410FD1
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02410F6A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 024100BC
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02410F4F
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 024100E8
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 02410F34
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 02410FC0
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 0241001B
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 0241009F
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02410047
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 02410036
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 024100D7
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00FF0F9E
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00FF004A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00FF0FC3
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00FF0F83
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00FF0014
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0FB2
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0FC3
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0029
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0FD4
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\svchost.exe[928] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00ED0011
.text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00ED0000
.text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00ED002C
.text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00ED003D
.text C:\Program Files\McAfee\MSK\MskSrver.exe[960] WS2_32.dll!send 71AB428A 5 Bytes JMP 01F1B558
.text C:\Program Files\McAfee\MSK\MskSrver.exe[960] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 01F1B86D
.text C:\Program Files\McAfee\MSK\MskSrver.exe[960] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01F1B639
.text C:\Program Files\McAfee\MSK\MskSrver.exe[960] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01F1B70C
.text C:\Program Files\McAfee\MSK\MskSrver.exe[960] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 01F1B9BB
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C10F70
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C10065
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C10F8D
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C10F9E
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C10FC0
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C10098
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C10087
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C10F1A
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C100B3
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00C10F09
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00C10FAF
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00C10076
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00C1002C
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00C10011
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00C10F35
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00C00FD4
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00C00F9E
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00C00025
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00C00065
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00C00FE5
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00C00054
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00C00FC3
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B2001D
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B20F9C
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B20FD2
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B20FAD
.text C:\WINDOWS\system32\svchost.exe[1000] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B2000C
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B0000A
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00B10011
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00B10FD9
.text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00B10FC8
.text C:\Program Files\Windows Defender\MsMpEng.exe[1096] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D4B558
.text C:\Program Files\Windows Defender\MsMpEng.exe[1096] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00D4B86D
.text C:\Program Files\Windows Defender\MsMpEng.exe[1096] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00D4B639
.text C:\Program Files\Windows Defender\MsMpEng.exe[1096] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D4B70C
.text C:\Program Files\Windows Defender\MsMpEng.exe[1096] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00D4B9BB
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02090000
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02090F8D
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02090F9E
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02090FB9
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02090076
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0209004A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 020900B8
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02090F66
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 020900D3
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02090F3A
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 020900E4
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0209005B
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02090FE5
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 0209009D
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02090025
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 02090FD4
.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 02090F4B
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 01100025
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 01100051
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0110000A
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 01100FDE
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 01100040
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 01100FEF
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 01100F9E
.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 01100FB9
.text C:\WINDOWS\System32\svchost.exe[1136] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010F0F99
.text C:\WINDOWS\System32\svchost.exe[1136] msvcrt.dll!system 77C293C7 5 Bytes JMP 010F0FB4
.text C:\WINDOWS\System32\svchost.exe[1136] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010F0FD9
.text C:\WINDOWS\System32\svchost.exe[1136] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010F000C
.text C:\WINDOWS\System32\svchost.exe[1136] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010F002E
.text C:\WINDOWS\System32\svchost.exe[1136] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010F001D
.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 010D0000
.text C:\WINDOWS\System32\svchost.exe[1136] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 010E0FEF
.text C:\WINDOWS\System32\svchost.exe[1136] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 010E0000
.text C:\WINDOWS\System32\svchost.exe[1136] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 010E0031
.text C:\WINDOWS\System32\svchost.exe[1136] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 010E0FD4
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C20FE5
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C20F59
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C20058
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C20F7E
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C20F9B
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C2002C
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C200A1
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C20084
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C20F48
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C200D7
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00C200FC
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00C20047
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00C20073
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00C200C6
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00C10FD1
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00C1005F
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00C10022
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00C10011
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00C10044
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00C10FAC
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00C10033
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C0003D
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C00FB2
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C00011
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C00022
.text C:\WINDOWS\system32\svchost.exe[1168] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[1168] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\svchost.exe[1168] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[1168] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00BF002C
.text C:\WINDOWS\system32\svchost.exe[1168] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00BF0FD9
.text C:\WINDOWS\system32\svchost.exe[1168] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BE0FEF
.text C:\Program Files\iTunes\iTunesHelper.exe[1204] WS2_32.dll!send 71AB428A 5 Bytes JMP 09C2B558
.text C:\Program Files\iTunes\iTunesHelper.exe[1204] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 09C2B86D
.text C:\Program Files\iTunes\iTunesHelper.exe[1204] WS2_32.dll!recv 71AB615A 5 Bytes JMP 09C2B639
.text C:\Program Files\iTunes\iTunesHelper.exe[1204] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 09C2B70C
.text C:\Program Files\iTunes\iTunesHelper.exe[1204] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 09C2B9BB
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A50000
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A50F63
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A50058
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A50F8A
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A50FA5
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A50036
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A50F26
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A50F37
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A500A4
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A50089
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A50EF0
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A50047
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A50FE5
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A50F52
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A50FCA
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A5001B
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A50F15
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00A40025
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00A40F9E
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00A40FD4
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00A4005B
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00A4004A
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00A40FC3
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A3003A
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A30FAF
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A30029
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A30000
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A30FCA
.text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00A2001B
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00A20FE5
.text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00A20042
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0F74
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0069
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0058
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0047
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0084
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F48
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B00BA
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0F21
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001B0EFC
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001B0036
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001B0F63
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\wuauclt.exe[1408] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001B009F
.text C:\WINDOWS\system32\wuauclt.exe[1408] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290FCD
.text C:\WINDOWS\system32\wuauclt.exe[1408] msvcrt.dll!system 77C293C7 5 Bytes JMP 0029004E
.text C:\WINDOWS\system32\wuauclt.exe[1408] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290FDE
.text C:\WINDOWS\system32\wuauclt.exe[1408] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\wuauclt.exe[1408] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290033
.text C:\WINDOWS\system32\wuauclt.exe[1408] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290018
.text C:\WINDOWS\system32\wuauclt.exe[1408] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 002A0FA8
.text C:\WINDOWS\system32\wuauclt.exe[1408] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 002A002F
.text C:\WINDOWS\system32\wuauclt.exe[1408] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 002A0FC3
.text C:\WINDOWS\system32\wuauclt.exe[1408] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 002A0FDE
.text C:\WINDOWS\system32\wuauclt.exe[1408] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 002A001E
.text C:\WINDOWS\system32\wuauclt.exe[1408] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\wuauclt.exe[1408] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 002A0F7C
.text C:\WINDOWS\system32\wuauclt.exe[1408] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 002A0F97
.text C:\WINDOWS\system32\wuauclt.exe[1408] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\wuauclt.exe[1408] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\system32\wuauclt.exe[1408] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\wuauclt.exe[1408] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00D0001B
.text C:\WINDOWS\system32\wuauclt.exe[1408] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D1000A
.text C:\WINDOWS\system32\wuauclt.exe[1408] WS2_32.dll!send 71AB428A 5 Bytes JMP 00CDB558
.text C:\WINDOWS\system32\wuauclt.exe[1408] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00CDB86D
.text C:\WINDOWS\system32\wuauclt.exe[1408] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00CDB639
.text C:\WINDOWS\system32\wuauclt.exe[1408] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00CDB70C
.text C:\WINDOWS\system32\wuauclt.exe[1408] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00CDB9BB
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006E0000
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 006E00BD
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006E00AC
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 006E0091
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006E0080
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006E0051
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 006E00D8
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 006E0F9C
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006E010E
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006E0F75
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 006E0F5A
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 006E0FD4
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 006E0FE5
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 006E0FAD
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 006E0036
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 006E001B
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 006E00F3
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 006D0025
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 006D0062
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 006D0FCA
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 006D0FE5
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 006D0051
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 006D0000
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 006D0036
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 006D0FB9
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006C0F9C
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!system 77C293C7 5 Bytes JMP 006C0FAD
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006C0FC8
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006C0000
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006C0027
.text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006C0FE3
.text C:\WINDOWS\system32\svchost.exe[1444] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006B000A
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00B50FE5
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00B50FD4
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00B50FC3
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00760F3A
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00760F55
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00760F66
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0076002F
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00760F9E
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetStartupInfoW 7C801E50 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00760054
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00760F0C
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00760ED6
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0076006F
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 0076008A
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00760F83
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00760FD4
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00760F29
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0076000A
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00760FB9
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00760EFB
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00750FB9
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00750F83
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0075000A
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00750FCA
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00750040
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00750FE5
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00750025
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00750FA8
.text C:\WINDOWS\system32\svchost.exe[1456] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00740FB7
.text C:\WINDOWS\system32\svchost.exe[1456] msvcrt.dll!system 77C293C7 5 Bytes JMP 00740038
.text C:\WINDOWS\system32\svchost.exe[1456] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0074001D
.text C:\WINDOWS\system32\svchost.exe[1456] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00740FEF
.text C:\WINDOWS\system32\svchost.exe[1456] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00740FC8
.text C:\WINDOWS\system32\svchost.exe[1456] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0074000C
.text C:\WINDOWS\system32\svchost.exe[1456] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00B00011
.text C:\WINDOWS\system32\svchost.exe[1456] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00B00000
.text C:\WINDOWS\system32\svchost.exe[1456] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00B00FDB
.text C:\WINDOWS\system32\svchost.exe[1456] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00B00FBE
.text C:\WINDOWS\system32\svchost.exe[1456] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B10FEF
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[1596] WS2_32.dll!send 71AB428A 5 Bytes JMP 0163B558
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[1596] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0163B86D
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[1596] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0163B639
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[1596] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0163B70C
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[1596] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0163B9BB
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00760F8F
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0076007A
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00760069
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00760058
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00760036
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00760F5E
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007600A6
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007600D5
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00760F3C
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00760F17
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00760047
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00760FE5
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00760095
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00760FCA
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0076001B
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00760F4D
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00650047
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00650F80
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 0065002C
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0065001B
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00650F9B
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 00650FB6
.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00650FD1
.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0064004C
.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!system 77C293C7 5 Bytes JMP 00640031
.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00640FD2
.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00640FC1
.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0064000C
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00630FCA
.text C:\WINDOWS\system32\svchost.exe[1940] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 0063001D
.text C:\WINDOWS\system32\svchost.exe[1940] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00620000
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1968] WS2_32.dll!send 71AB428A 5 Bytes JMP 00E1B558
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1968] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00E1B86D
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1968] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00E1B639
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1968] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00E1B70C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1968] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00E1B9BB
.text c:\WINDOWS\system32\ZuneBusEnum.exe[2124] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C9B558
.text c:\WINDOWS\system32\ZuneBusEnum.exe[2124] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00C9B86D
.text c:\WINDOWS\system32\ZuneBusEnum.exe[2124] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00C9B639
.text c:\WINDOWS\system32\ZuneBusEnum.exe[2124] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00C9B70C
.text c:\WINDOWS\system32\ZuneBusEnum.exe[2124] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C9B9BB
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2176] WS2_32.dll!send 71AB428A 5 Bytes JMP 00DDB558
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2176] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00DDB86D
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2176] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00DDB639
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2176] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00DDB70C
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2176] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00DDB9BB
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2180] WS2_32.dll!send 71AB428A 5 Bytes JMP 022AB558
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2180] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 022AB86D
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2180] WS2_32.dll!recv 71AB615A 5 Bytes JMP 022AB639
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2180] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 022AB70C
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2180] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 022AB9BB
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3172] WS2_32.dll!send 71AB428A 5 Bytes JMP 00BBB558
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3172] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00BBB86D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3172] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00BBB639
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3172] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00BBB70C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3172] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00BBB9BB
.text C:\WINDOWS\system32\hkcmd.exe[3652] WS2_32.dll!send 71AB428A 5 Bytes JMP 00ADB558
.text C:\WINDOWS\system32\hkcmd.exe[3652] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00ADB86D
.text C:\WINDOWS\system32\hkcmd.exe[3652] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00ADB639
.text C:\WINDOWS\system32\hkcmd.exe[3652] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00ADB70C
.text C:\WINDOWS\system32\hkcmd.exe[3652] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00ADB9BB
.text C:\Program Files\iPod\bin\iPodService.exe[3668] WS2_32.dll!send 71AB428A 5 Bytes JMP 00B9B558
.text C:\Program Files\iPod\bin\iPodService.exe[3668] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00B9B86D
.text C:\Program Files\iPod\bin\iPodService.exe[3668] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00B9B639
.text C:\Program Files\iPod\bin\iPodService.exe[3668] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00B9B70C
.text C:\Program Files\iPod\bin\iPodService.exe[3668] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00B9B9BB
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A005D
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F5E
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0025
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A000A
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A00A6
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0095
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00DC
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00CB
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001A0F1E
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001A0F83
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001A006E
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\System32\svchost.exe[3852] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001A0F4D
.text C:\WINDOWS\System32\svchost.exe[3852] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00280025
.text C:\WINDOWS\System32\svchost.exe[3852] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00280FB9
.text C:\WINDOWS\System32\svchost.exe[3852] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00280FDE
.text C:\WINDOWS\System32\svchost.exe[3852] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 0028000A
.text C:\WINDOWS\System32\svchost.exe[3852] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 0028006C
.text C:\WINDOWS\System32\svchost.exe[3852] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 00280FEF
.text C:\WINDOWS\System32\svchost.exe[3852] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 0028005B
.text C:\WINDOWS\System32\svchost.exe[3852] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00280040
.text C:\WINDOWS\System32\svchost.exe[3852] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003D0025
.text C:\WINDOWS\System32\svchost.exe[3852] msvcrt.dll!system 77C293C7 5 Bytes JMP 003D000A
.text C:\WINDOWS\System32\svchost.exe[3852] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003D0FB5
.text C:\WINDOWS\System32\svchost.exe[3852] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003D0FE3
.text C:\WINDOWS\System32\svchost.exe[3852] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003D0F9A
.text C:\WINDOWS\System32\svchost.exe[3852] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003D0FC6
.text C:\WINDOWS\System32\svchost.exe[3852] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006D0FEF
.text C:\WINDOWS\System32\svchost.exe[3852] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00EB001B
.text C:\WINDOWS\System32\svchost.exe[3852] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00EB000A
.text C:\WINDOWS\System32\svchost.exe[3852] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 00EB0FE5
.text C:\WINDOWS\System32\svchost.exe[3852] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00EB0038
.text C:\WINDOWS\system32\igfxpers.exe[3868] WS2_32.dll!send 71AB428A 5 Bytes JMP 00ABB558
.text C:\WINDOWS\system32\igfxpers.exe[3868] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00ABB86D
.text C:\WINDOWS\system32\igfxpers.exe[3868] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00ABB639
.text C:\WINDOWS\system32\igfxpers.exe[3868] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00ABB70C
.text C:\WINDOWS\system32\igfxpers.exe[3868] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00ABB9BB
.text C:\Program Files\Java\jre6\bin\jusched.exe[3888] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C2B558
.text C:\Program Files\Java\jre6\bin\jusched.exe[3888] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00C2B86D
.text C:\Program Files\Java\jre6\bin\jusched.exe[3888] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00C2B639
.text C:\Program Files\Java\jre6\bin\jusched.exe[3888] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00C2B70C
.text C:\Program Files\Java\jre6\bin\jusched.exe[3888] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C2B9BB
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3928] WS2_32.dll!send 71AB428A 5 Bytes JMP 00BAB558
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3928] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00BAB86D
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3928] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00BAB639
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3928] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00BAB70C
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3928] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00BAB9BB
.text C:\Program Files\Dell\Media Experience\PCMService.exe[4016] WS2_32.dll!send 71AB428A 5 Bytes JMP 01E2B558
.text C:\Program Files\Dell\Media Experience\PCMService.exe[4016] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 01E2B86D
.text C:\Program Files\Dell\Media Experience\PCMService.exe[4016] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01E2B639
.text C:\Program Files\Dell\Media Experience\PCMService.exe[4016] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01E2B70C
.text C:\Program Files\Dell\Media Experience\PCMService.exe[4016] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 01E2B9BB
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4048] WS2_32.dll!send 71AB428A 5 Bytes JMP 00E7B558
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4048] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00E7B86D
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4048] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00E7B639
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4048] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00E7B70C
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[4048] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00E7B9BB
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00260FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00260F77
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00260076
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00260F9C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0026005B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00260025
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00260F55
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0026009D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00260F26
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 002600BF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00260F15
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00260040
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00260FCA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00260F66
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 0026000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00260FB9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 002600AE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00340055
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] msvcrt.dll!system 77C293C7 5 Bytes JMP 0034003A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00340FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0034000C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00340FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00340029
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 5 Bytes JMP 00350025
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] ADVAPI32.dll!RegCreateKeyExW 77DD774C 5 Bytes JMP 00350065
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] ADVAPI32.dll!RegOpenKeyExA 77DD7832 5 Bytes JMP 00350FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] ADVAPI32.dll!RegOpenKeyW 77DD7926 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] ADVAPI32.dll!RegCreateKeyExA 77DDE834 5 Bytes JMP 00350FA8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] ADVAPI32.dll!RegOpenKeyA 77DDEE08 5 Bytes JMP 0035000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] ADVAPI32.dll!RegCreateKeyW 77DE45EE 5 Bytes JMP 0035004A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] ADVAPI32.dll!RegCreateKeyA 77DE4706 5 Bytes JMP 00350FC3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] WININET.dll!InternetOpenW 771BAEED 5 Bytes JMP 00370FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] WININET.dll!InternetConnectA 771C308A 5 Bytes JMP 01E2BA6D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] WININET.dll!HttpOpenRequestA 771C3674 5 Bytes JMP 01E2BB53
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] WININET.dll!InternetCloseHandle 771C4D3C 5 Bytes JMP 01E2C083
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] WININET.dll!InternetOpenA 771C573E 5 Bytes JMP 00370FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] WININET.dll!InternetOpenUrlA 771C59F1 5 Bytes JMP 0037000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] WININET.dll!HttpSendRequestA 771C60C9 5 Bytes JMP 01E2BC23
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] WININET.dll!InternetReadFile 771C827C 5 Bytes JMP 01E2BFB2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] WININET.dll!InternetOpenUrlW 771D5B3A 5 Bytes JMP 00370025
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] WININET.dll!HttpSendRequestW 772123AC 5 Bytes JMP 01E2BD77
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5532] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01090FE5

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 kbdcap.SYS
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 kbdcap.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0x89 0xD7 0x8A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0x89 0xD7 0x8A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0x89 0xD7 0x8A ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----


#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:40 AM

Posted 03 August 2010 - 06:29 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:40 AM

Posted 08 August 2010 - 06:08 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:40 AM

Posted 11 August 2010 - 05:03 PM

Reopened at user's request

-----------------------------------------

Please provide new logs as you explained in your PM. smile.gif
Posted Image
m0le is a proud member of UNITE

#8 ChuckLHead

ChuckLHead
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 13 August 2010 - 06:57 AM

Thanks m0le.

Things seem to be a bit worse.

DDS ran successfully and I am providing the logs from that tool.

I tried 3 times to get GMER to run but each attempt resulted in a BSOD. The first BSOD was IRQL_NOT_LESS_OR_EQUAL (0x0000000A). The second was c0000145 {Application Error}. I didn't note anything from the third BSOD. Upon reboot, allowing the machine to "tell Microsoft about the problem" brought up the same diagnosis page regarding an invalid / corrupt driver. Hmmm...

Also, McAfee Net Agent kept popping up saying it encountered an error and had to shut down. Not sure if that's relevant at this point.

I'm providing the DDS logs and hope we'll be able to work through whatever issue the machine has so that it is safe and stable.

Thanks in advance,

ChuckLHead


DDS (Ver_10-03-17.01) - NTFSx86
Run by Gator at 6:33:11.75 on Fri 08/13/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.317 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
c:\program files\mcafee\virusscan\mcinsupd.exe
C:\Documents and Settings\Gator.SANDY\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTASK.EXE" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8494B5D2-DA6A-4BB8-9C15-6C18A312387E} - hxxps://ra.budco.com/ui/Axt.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxps://ra.budco.com/pdl/jt/msrdp.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gator~1.san\applic~1\mozilla\firefox\profiles\fj9sberp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-21 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-3-21 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-3-21 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-3-21 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2007-2-25 109440]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-3-21 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-1-20 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-1-20 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-1-20 40552]
S2 procguard;procguard;\??\c:\windows\system32\drivers\procguard.sys --> c:\windows\system32\drivers\procguard.sys [?]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2009-7-20 340480]
S3 DISK_DRIVE32;DISK_DRIVE32;\??\c:\documents and settings\troy\desktop\ultimate hack pack 4.0 public release\cheatengine\disk_1024.sys --> c:\documents and settings\troy\desktop\ultimate hack pack 4.0 public release\cheatengine\disk_1024.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-1-20 34248]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-5-7 508544]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2008-5-7 3768]
S3 NUBBER;NUBBER;\??\c:\home\troy\hacks\nubbk32.sys --> c:\home\troy\hacks\nubbk32.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 115432]
S3 sejt1;sejt1;\??\c:\documents and settings\troy\desktop\akumaengine\sejt.sys --> c:\documents and settings\troy\desktop\akumaengine\sejt.sys [?]
S3 spuce1;spuce1;\??\c:\documents and settings\troy\desktop\spuce 2.0\spuce.sys --> c:\documents and settings\troy\desktop\spuce 2.0\spuce.sys [?]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [2008-12-14 38656]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S4 0234801269193264mcinstcleanup;McAfee Application Installer Cleanup (0234801269193264);c:\docume~1\gator~1.san\locals~1\temp\023480~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\gator~1.san\locals~1\temp\023480~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-08-04 10:11:35 0 d-s---w- C:\ComboFix
2010-08-03 10:31:11 0 d-sha-r- C:\cmdcons
2010-08-03 10:27:22 98816 ----a-w- c:\windows\sed.exe
2010-08-03 10:27:22 77312 ----a-w- c:\windows\MBR.exe
2010-08-03 10:27:22 256512 ----a-w- c:\windows\PEV.exe
2010-08-03 10:27:22 161792 ----a-w- c:\windows\SWREG.exe
2010-08-03 10:11:22 2396859 ----a-w- C:\MGtools.exe
2010-08-01 11:09:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-01 11:09:16 423656 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-07-15 19:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 18:42:02 912192 ----a-w- c:\program files\ZuneDBApi.dll
2010-01-07 18:42:02 554816 ----a-w- c:\program files\UIXcontrols.dll
2010-01-07 18:42:02 1521472 ----a-w- c:\program files\UIX.dll
2010-01-07 18:42:02 1304384 ----a-w- c:\program files\ZuneShell.dll
2010-01-07 18:42:00 644928 ----a-w- c:\program files\UIX.renderapi.dll
2010-01-07 18:24:16 232448 ----a-w- c:\program files\l3codecp.acm
2009-12-12 21:08:22 1648462032 ----a-w- c:\program files\MSSetupv80.exe
2007-08-27 19:56:58 1089440 ----a-w- c:\program files\msidcrl40.dll

============= FINISH: 6:36:52.65 ===============

Attached Files



#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:40 AM

Posted 13 August 2010 - 12:12 PM

Please run Combofix so we can deal with the rootkit.

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#10 ChuckLHead

ChuckLHead
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 13 August 2010 - 02:23 PM

ComboFix was successfully downloaded and started but produced a BSOD (BAD_POOL_CALLER 0x000000C2) after a few minutes.

I'll await specific instructions for what to do on reboot (Which option? last known good config?).

Thanks.

ChuckLHead

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:40 AM

Posted 13 August 2010 - 02:36 PM

Boot normally.

Then please run MBRCheck

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
Posted Image
m0le is a proud member of UNITE

#12 ChuckLHead

ChuckLHead
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 14 August 2010 - 06:02 AM

Below is the log from MBRCheck.

ChuckLHead


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 188):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF7B17000 \WINDOWS\system32\KDCOM.DLL
0xF7A27000 \WINDOWS\system32\BOOTVID.dll
0xF75C8000 ACPI.sys
0xF7B19000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75B7000 pci.sys
0xF7617000 isapnp.sys
0xF74A1000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7BDF000 pciide.sys
0xF7897000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B1B000 aliide.sys
0xF7B1D000 cmdide.sys
0xF7B1F000 toside.sys
0xF7B21000 viaide.sys
0xF7B23000 intelide.sys
0xF7627000 MountMgr.sys
0xF7482000 ftdisk.sys
0xF7B25000 dmload.sys
0xF745C000 dmio.sys
0xF789F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF7A2B000 cpqarray.sys
0xF7444000 atapi.sys
0xF7A2F000 aha154x.sys
0xF78A7000 sparrow.sys
0xF7647000 aic78xx.sys
0xF7A33000 dac960nt.sys
0xF7657000 ql10wnt.sys
0xF7A37000 amsint.sys
0xF78AF000 asc.sys
0xF7A3B000 asc3550.sys
0xF78B7000 mraid35x.sys
0xF78BF000 i2omp.sys
0xF7A3F000 ini910u.sys
0xF7667000 ql1240.sys
0xF7677000 aic78u2.sys
0xF78C7000 symc8xx.sys
0xF78CF000 sym_hi.sys
0xF78D7000 sym_u3.sys
0xF78DF000 ABP480N5.SYS
0xF78E7000 asc3350p.sys
0xF7B27000 cd20xrnt.sys
0xF7687000 ultra.sys
0xF78EF000 dpti2o.sys
0xF742B000 adpu160m.sys
0xF7697000 ql1080.sys
0xF76A7000 ql1280.sys
0xF76B7000 ql12160.sys
0xF7A43000 cbidf2k.sys
0xF73FF000 dac2w2k.sys
0xF78F7000 hpn.sys
0xF78FF000 perc2.sys
0xF7B29000 perc2hib.sys
0xF76C7000 disk.sys
0xF76D7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73DF000 fltMgr.sys
0xF73CD000 sr.sys
0xF73B8000 drvmcdb.sys
0xF76E7000 PxHelp20.sys
0xF73A1000 KSecDD.sys
0xF738A000 WudfPf.sys
0xF72FD000 Ntfs.sys
0xF72D0000 NDIS.sys
0xF76F7000 sisagp.sys
0xF7707000 viaagp.sys
0xF72B5000 Mup.sys
0xF7717000 agp440.sys
0xF7727000 alim1541.sys
0xF7737000 amdagp.sys
0xF7747000 agpCPQ.sys
0xF6B96000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6785000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6771000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7A07000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF674E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A0F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF671A000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF66F7000 \SystemRoot\system32\DRIVERS\ks.sys
0xF65F8000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6551000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7A17000 \SystemRoot\System32\Drivers\Modem.SYS
0xF652B000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF7A1F000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6B86000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7917000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6510000 \SystemRoot\System32\Drivers\kbdcap.SYS
0xF791F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF6B76000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7B0F000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF64FC000 \SystemRoot\system32\DRIVERS\parport.sys
0xF6B66000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6B56000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7927000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF6B46000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF64BC000 \SystemRoot\system32\drivers\smwdm.sys
0xF6498000 \SystemRoot\system32\drivers\portcls.sys
0xF6B36000 \SystemRoot\system32\drivers\drmk.sys
0xF643A000 \SystemRoot\system32\drivers\senfilt.sys
0xF7D60000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6B26000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF728D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6423000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7767000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7777000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF792F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6412000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7787000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7937000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF793F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF63E1000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7797000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B4F000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6388000 \SystemRoot\system32\DRIVERS\update.sys
0xF7271000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77A7000 \SystemRoot\system32\DRIVERS\zumbus.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF6317000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xF77C7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF77E7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B53000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF68D3000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF794F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7B55000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B57000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF7B59000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CC3000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B5B000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7967000 \SystemRoot\system32\drivers\ssrtln.sys
0xF796F000 \SystemRoot\System32\drivers\vga.sys
0xF7B5D000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B5F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7977000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF797F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7ACB000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEDD6D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEDD15000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEDCEE000 \SystemRoot\System32\Drivers\Mpfp.sys
0xF7817000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xEDC26000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7AD7000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xEDC04000 \SystemRoot\System32\drivers\afd.sys
0xF7827000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEDBDF000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF7987000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xEDBB4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEDB45000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xEDB12000 \SystemRoot\system32\drivers\mfehidk.sys
0xF7867000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7877000 \SystemRoot\System32\Drivers\Fips.SYS
0xF725D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEDAD2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B6F000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF62FB000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79BF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C7C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7837000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7D0F000 \SystemRoot\system32\dla\tfsndres.sys
0xED9A4000 \SystemRoot\system32\dla\tfsnifs.sys
0xEDAB6000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7B9F000 \SystemRoot\system32\dla\tfsnpool.sys
0xF79D7000 \SystemRoot\system32\dla\tfsnboio.sys
0xF7847000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7D10000 \SystemRoot\system32\dla\tfsndrct.sys
0xED963000 \SystemRoot\system32\dla\tfsnudf.sys
0xED94A000 \SystemRoot\system32\dla\tfsnudfa.sys
0xED752000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xED55E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B39000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF7B47000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xED48F000 \SystemRoot\system32\DRIVERS\srv.sys
0xED37F000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF799F000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xECE04000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xECC37000 \SystemRoot\system32\drivers\wdmaud.sys
0xECD84000 \SystemRoot\system32\drivers\sysaudio.sys
0xECBAB000 \SystemRoot\System32\Drivers\HTTP.sys
0xF79B7000 \SystemRoot\system32\drivers\mfebopk.sys
0xECA56000 \SystemRoot\system32\drivers\mfeavfk.sys
0xEC263000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 52):
0 System Idle Process
4 System
596 C:\WINDOWS\SYSTEM32\smss.exe
644 csrss.exe
672 C:\WINDOWS\SYSTEM32\winlogon.exe
716 C:\WINDOWS\SYSTEM32\services.exe
736 C:\WINDOWS\SYSTEM32\lsass.exe
916 C:\WINDOWS\SYSTEM32\svchost.exe
996 svchost.exe
1116 C:\Program Files\Windows Defender\MsMpEng.exe
1172 C:\WINDOWS\SYSTEM32\svchost.exe
1224 C:\WINDOWS\SYSTEM32\svchost.exe
1532 svchost.exe
1556 svchost.exe
1800 C:\WINDOWS\SYSTEM32\spoolsv.exe
1984 svchost.exe
2036 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
156 C:\Program Files\Bonjour\mDNSResponder.exe
232 C:\Program Files\Java\jre6\bin\jqs.exe
264 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
324 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
416 C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
520 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
632 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
924 C:\Program Files\McAfee\MPF\MpfSrv.exe
1252 C:\Program Files\McAfee\MSK\msksrver.exe
1868 C:\WINDOWS\SYSTEM32\svchost.exe
2124 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
2164 C:\WINDOWS\SYSTEM32\ZuneBusEnum.exe
2396 C:\WINDOWS\SYSTEM32\wuauclt.exe
3392 C:\WINDOWS\SYSTEM32\wscntfy.exe
3584 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
3732 C:\WINDOWS\explorer.exe
4032 C:\WINDOWS\SYSTEM32\svchost.exe
1708 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
1716 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
2116 C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
2344 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
2420 C:\Program Files\iTunes\iTunesHelper.exe
428 C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
2948 C:\WINDOWS\SYSTEM32\hkcmd.exe
3056 C:\WINDOWS\SYSTEM32\igfxpers.exe
3136 C:\Program Files\Dell\Media Experience\PCMService.exe
3308 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
3204 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3764 C:\Program Files\DellSupport\DSAgnt.exe
3124 C:\Program Files\iPod\bin\iPodService.exe
2708 C:\WINDOWS\SYSTEM32\wuauclt.exe
3076 C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v3.10-delta.exe
196 C:\55f85f091da92193d7a20bc40d65\mrtstub.exe
3032 C:\Documents and Settings\Gator.SANDY\Desktop\MBRCheck.exe
1008 C:\WINDOWS\SYSTEM32\MRT.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`de177c00 (NTFS)

PhysicalDrive0 Model Number: Maxtor6Y080L0, Rev: YAR41BW0

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 MBR Code Faked (known infection: Whistler / Black Internet)!
SHA1: 3AD54F7704EB54BB0693EDCBFCC5A24A4C985F3E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:40 AM

Posted 14 August 2010 - 07:47 AM

This is the Whistler bootkit which we will now remove using MBRCheck

The MBR has been rewritten.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:If you do not have a recovery disk then please burn one as shown here


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When program ask you Enter 2 and press the Enter key
  • Now the program will ask you [b]"Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • when asked Do you want to fix the MRB code? type in YES and press enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread

Posted Image
m0le is a proud member of UNITE

#14 ChuckLHead

ChuckLHead
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 16 August 2010 - 05:40 AM

Hi m0le,

I ran the fix, rebooted and re-ran MBRCheck. It's still reporting an infection on the drive.

Thanks.

ChuckLHead

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 189):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF7B17000 \WINDOWS\system32\KDCOM.DLL
0xF7A27000 \WINDOWS\system32\BOOTVID.dll
0xF75C8000 ACPI.sys
0xF7B19000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75B7000 pci.sys
0xF7617000 isapnp.sys
0xF74A1000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7BDF000 pciide.sys
0xF7897000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B1B000 aliide.sys
0xF7B1D000 cmdide.sys
0xF7B1F000 toside.sys
0xF7B21000 viaide.sys
0xF7B23000 intelide.sys
0xF7627000 MountMgr.sys
0xF7482000 ftdisk.sys
0xF7B25000 dmload.sys
0xF745C000 dmio.sys
0xF789F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF7A2B000 cpqarray.sys
0xF7444000 atapi.sys
0xF7A2F000 aha154x.sys
0xF78A7000 sparrow.sys
0xF7647000 aic78xx.sys
0xF7A33000 dac960nt.sys
0xF7657000 ql10wnt.sys
0xF7A37000 amsint.sys
0xF78AF000 asc.sys
0xF7A3B000 asc3550.sys
0xF78B7000 mraid35x.sys
0xF78BF000 i2omp.sys
0xF7A3F000 ini910u.sys
0xF7667000 ql1240.sys
0xF7677000 aic78u2.sys
0xF78C7000 symc8xx.sys
0xF78CF000 sym_hi.sys
0xF78D7000 sym_u3.sys
0xF78DF000 ABP480N5.SYS
0xF78E7000 asc3350p.sys
0xF7B27000 cd20xrnt.sys
0xF7687000 ultra.sys
0xF78EF000 dpti2o.sys
0xF742B000 adpu160m.sys
0xF7697000 ql1080.sys
0xF76A7000 ql1280.sys
0xF76B7000 ql12160.sys
0xF7A43000 cbidf2k.sys
0xF73FF000 dac2w2k.sys
0xF78F7000 hpn.sys
0xF78FF000 perc2.sys
0xF7B29000 perc2hib.sys
0xF76C7000 disk.sys
0xF76D7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73DF000 fltMgr.sys
0xF73CD000 sr.sys
0xF73B8000 drvmcdb.sys
0xF76E7000 PxHelp20.sys
0xF73A1000 KSecDD.sys
0xF738A000 WudfPf.sys
0xF72FD000 Ntfs.sys
0xF72D0000 NDIS.sys
0xF76F7000 sisagp.sys
0xF7707000 viaagp.sys
0xF72B5000 Mup.sys
0xF7717000 agp440.sys
0xF7727000 alim1541.sys
0xF7737000 amdagp.sys
0xF7747000 agpCPQ.sys
0xF720D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6794000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6780000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF79FF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF675D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A07000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6729000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF6706000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6607000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6560000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7A0F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF653A000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF7A17000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF71FD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7A1F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF651F000 \SystemRoot\System32\Drivers\kbdcap.SYS
0xF7917000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF71ED000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7AFF000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF650B000 \SystemRoot\system32\DRIVERS\parport.sys
0xF71DD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF71CD000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF791F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7767000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF64CB000 \SystemRoot\system32\drivers\smwdm.sys
0xF64A7000 \SystemRoot\system32\drivers\portcls.sys
0xF7777000 \SystemRoot\system32\drivers\drmk.sys
0xF6449000 \SystemRoot\system32\drivers\senfilt.sys
0xF7C50000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7787000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B0B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6432000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7797000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77A7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7927000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6381000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF792F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7937000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6350000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B3D000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF62F7000 \SystemRoot\system32\DRIVERS\update.sys
0xF7281000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\zumbus.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF6286000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xF77F7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7817000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B3F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF68EA000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF793F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7B41000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B43000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF7B45000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D2C000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B47000 \SystemRoot\System32\Drivers\Beep.SYS
0xF794F000 \SystemRoot\system32\drivers\ssrtln.sys
0xF7957000 \SystemRoot\System32\drivers\vga.sys
0xF7B49000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B4B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF795F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7967000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF68D6000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEDCDC000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEDC84000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEDC5D000 \SystemRoot\System32\Drivers\Mpfp.sys
0xF7847000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xEDB95000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7AC3000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xEDB73000 \SystemRoot\System32\drivers\afd.sys
0xF7857000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEDB4E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF796F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xEDB23000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEDAB4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xEDA81000 \SystemRoot\system32\drivers\mfehidk.sys
0xF7867000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7877000 \SystemRoot\System32\Drivers\Fips.SYS
0xF725D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEDA41000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B4D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7AF7000 \SystemRoot\System32\drivers\Dxapi.sys
0xF798F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C09000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF6392000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7CD6000 \SystemRoot\system32\dla\tfsndres.sys
0xED8EB000 \SystemRoot\system32\dla\tfsnifs.sys
0xEDA39000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7B55000 \SystemRoot\system32\dla\tfsnpool.sys
0xF79A7000 \SystemRoot\system32\dla\tfsnboio.sys
0xEDC4D000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7CD7000 \SystemRoot\system32\dla\tfsndrct.sys
0xED8D2000 \SystemRoot\system32\dla\tfsnudf.sys
0xED8B9000 \SystemRoot\system32\dla\tfsnudfa.sys
0xED899000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xED595000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7BD3000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF7BD7000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xED44E000 \SystemRoot\system32\DRIVERS\srv.sys
0xED442000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7987000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xECE13000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xF79CF000 \SystemRoot\system32\drivers\mfebopk.sys
0xECD61000 \SystemRoot\system32\drivers\mfeavfk.sys
0xECC80000 \SystemRoot\System32\Drivers\HTTP.sys
0xEC9C3000 \SystemRoot\system32\drivers\wdmaud.sys
0xEC9D8000 \SystemRoot\system32\drivers\sysaudio.sys
0xEC925000
0xEC82D000 \SystemRoot\system32\drivers\mfesmfk.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
596 C:\WINDOWS\SYSTEM32\smss.exe
644 csrss.exe
668 C:\WINDOWS\SYSTEM32\winlogon.exe
712 C:\WINDOWS\SYSTEM32\services.exe
724 C:\WINDOWS\SYSTEM32\savedump.exe
732 C:\WINDOWS\SYSTEM32\lsass.exe
916 C:\WINDOWS\SYSTEM32\svchost.exe
996 svchost.exe
1088 C:\Program Files\Windows Defender\MsMpEng.exe
1132 C:\WINDOWS\SYSTEM32\svchost.exe
1164 C:\WINDOWS\SYSTEM32\svchost.exe
1300 svchost.exe
1440 svchost.exe
1576 C:\WINDOWS\SYSTEM32\spoolsv.exe
1924 svchost.exe
1952 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1964 C:\Program Files\Bonjour\mDNSResponder.exe
2016 C:\Program Files\Java\jre6\bin\jqs.exe
132 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
196 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
216 C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
344 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
448 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
564 C:\Program Files\McAfee\MPF\MpfSrv.exe
832 C:\Program Files\McAfee\MSK\msksrver.exe
1208 C:\WINDOWS\SYSTEM32\svchost.exe
1708 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
1684 C:\WINDOWS\SYSTEM32\ZuneBusEnum.exe
2264 C:\WINDOWS\SYSTEM32\wuauclt.exe
3548 C:\WINDOWS\SYSTEM32\svchost.exe
2304 C:\WINDOWS\explorer.exe
256 C:\WINDOWS\SYSTEM32\rundll32.exe
2364 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
2548 C:\WINDOWS\SYSTEM32\wuauclt.exe
3536 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
3564 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
3572 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
3580 C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
3640 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
3704 C:\Program Files\iTunes\iTunesHelper.exe
3812 C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
2424 C:\WINDOWS\SYSTEM32\hkcmd.exe
4024 C:\WINDOWS\SYSTEM32\igfxpers.exe
4068 C:\Program Files\Dell\Media Experience\PCMService.exe
4080 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
1248 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1152 C:\Program Files\DellSupport\DSAgnt.exe
1476 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
2556 C:\Program Files\iPod\bin\iPodService.exe
3740 C:\Documents and Settings\Gator.SANDY\Desktop\MBRCheck.exe
428 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`de177c00 (NTFS)

PhysicalDrive0 Model Number: Maxtor6Y080L0, Rev: YAR41BW0

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 MBR Code Faked (known infection: Whistler / Black Internet)!
SHA1: 3AD54F7704EB54BB0693EDCBFCC5A24A4C985F3E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:40 AM

Posted 16 August 2010 - 05:59 PM

Okay, that sometimes happens. Combofix can also rewrite the MBR so we'll try that.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

QUOTE
MBR::


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)




Refering to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users