suspected trojan/rootkit removal


  • This topic is locked
32 replies to this topic

#1 mapex


Posted 25 August 2010 - 11:37 PM

Any help would be much appreciated in removing the infection. When I first started, Windows Explorer was completely disabled. I've now been able to remove all infections except for one user profile which is being troublesome. Any browser attempts (IE or Firefox) will result in reaching a security warning, which from a Google search indicates that the security page in itself is part of the malware. My plans are to move data off and reinstall the machine anyway, but I'd like to have the machine cleaned before transferring data off. Thanks in advance.




DDS (Ver_10-03-17.01) - NTFSx86
Run by David at 22:48:16.45 on Wed 08/25/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3316.2038 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbacoms.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\sminst\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
E:\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = Preserve
mStart Page = hxxp://www.dellnet.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100825222520.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {346DE098-61F9-4B42-89DA-6DFBA7091BB6} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat"
dRun: [Rwukahixusoy] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\crnmgt.dll",Startup
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: sbcglobal.net
Trusted Zone: turbotax.com
Trusted Zone: yahoo.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5334504D-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/mpg4sax.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\n8ycsuei.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {3DA5B818-3102-48AE-B57E-8E4D5529150F} - c:\windows\system32\config\systemprofile\appdata\local\{3da5b818-3102-48ae-b57e-8e4d5529150f}\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-5 385880]
R1 42163021;42163021;c:\windows\system32\drivers\42163021.sys [2010-8-20 128016]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-6-25 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-6-25 160720]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe -service --> c:\windows\system32\dlbacoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-12 47640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-25 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-25 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-25 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-6-25 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-6-25 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-6-25 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-6-25 141792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-20 1153368]
R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [2009-5-5 632048]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-6-25 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-25 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-25 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-6-25 312616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-6-25 83496]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 335872]
S3 utm2mjmy;AVZ Kernel Driver;c:\windows\system32\drivers\utm2mjmy.sys [2010-8-20 7168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\drivers\XLoader.sys [2004-9-3 13184]

=============== Created Last 30 ================

2010-08-25 23:15:54 0 d-----w- c:\programdata\Update
2010-08-25 23:15:41 5 ----a-w- C:\zrpt.xml
2010-08-23 04:33:00 93056 ----a-w- C:\pflyykoc.sys
2010-08-23 04:31:18 261343820 ----a-w- c:\windows\MEMORY.DMP
2010-08-23 03:47:21 0 d-----w- c:\windows\pss
2010-08-21 07:26:47 112 ----a-w- c:\programdata\rORs6m1KO.dat
2010-08-21 04:54:50 7168 ----a-w- c:\windows\system32\drivers\utm2mjmy.sys
2010-08-21 04:42:11 311312 ----a-w- c:\windows\system32\drivers\4216302.sys
2010-08-21 04:42:11 128016 ----a-w- c:\windows\system32\drivers\42163021.sys
2010-08-21 04:40:38 73765816 ----a-w- C:\setup_9.0.0.722_20.08.2010_21-52.exe
2010-08-21 04:37:07 0 d-----w- c:\programdata\Kaspersky Lab
2010-08-21 03:35:24 0 d-----w- c:\users\david\appdata\roaming\SUPERAntiSpyware.com
2010-08-21 03:30:51 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-21 03:28:32 0 d-----w- c:\program files\Trend Micro
2010-08-21 02:17:15 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-21 00:33:21 0 d-sh--w- c:\users\david\appdata\roaming\Earthlink
2010-08-21 00:28:59 0 d-----w- c:\users\david\appdata\roaming\Malwarebytes
2010-08-21 00:11:34 0 d-----w- c:\program files\CCleaner
2010-08-18 00:50:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 00:50:00 0 d-----w- c:\programdata\Malwarebytes
2010-08-18 00:49:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 00:49:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-17 22:19:06 0 d-----w- c:\users\david\appdata\roaming\com.titleist.gbf.pga.7CDAE941C65273973F33EE01488E285A2B576605.1
2010-08-17 22:19:01 0 d-----w- c:\program files\Titleist Golf Ball Fitting
2010-08-12 13:13:03 2037760 ----a-w- c:\windows\system32\win32k.sys

==================== Find3M ====================

2010-07-25 18:21:50 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-25 18:21:49 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-25 18:21:49 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-18 17:31:29 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-11 16:16:20 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15:06 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 20:42:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 20:42:28 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-09 20:42:27 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-08 17:35:04 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35:03 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-18 19:51:26 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-05 20:26:08 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:49:32.80 ===============


 


#2 mpascal


Posted 30 August 2010 - 10:00 PM

Hi mapex,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

STEP 1 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#3 mapex


Posted 31 August 2010 - 12:38 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4511

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

8/30/2010 11:42:53 PM
mbam-log-2010-08-30 (23-42-53).txt

Scan type: Quick scan
Objects scanned: 180833
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 00:13:10
Windows 6.0.6002 Service Pack 2
Running: lhtwyjr3.exe; Driver: C:\Users\David\AppData\Local\Temp\pflyykoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82840D88]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82840DB2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82840D9E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82840D74]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 822729D2 5 Bytes JMP 82840D78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82437DA3 5 Bytes JMP 82840DB6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 824574FA 7 Bytes JMP 82840D8C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 824577BD 5 Bytes JMP 82840DA2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 01D60F4D
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 01D600CC
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 01D6000A
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 01D60FEF
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 01D600A7
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 01E70FB7
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!system 770E804B 5 Bytes JMP 01E70042
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 01E7000C
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_open 770ED106 5 Bytes JMP 01E70FEF
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 01E70027
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 01E70FD2
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 01E10058
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 01E1003D
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 01E10000
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 01E10FB6
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 01E10FA5
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 01E10FDB
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 01E10011
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 01E1002C
.text C:\Windows\system32\svchost.exe[1168] ole32.dll!CoCreateInstance 76949EA6 5 Bytes JMP 0056000A
.text C:\Windows\system32\svchost.exe[1168] USER32.dll!GetCursorPos 76DD0B88 5 Bytes JMP 01C6000A
.text C:\Windows\system32\svchost.exe[1168] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 01E60000
.text C:\Windows\system32\svchost.exe[1168] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 01E60FEF
.text C:\Windows\system32\svchost.exe[1168] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 01E60FDE
.text C:\Windows\system32\svchost.exe[1168] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 01E6002F
.text C:\Windows\system32\svchost.exe[1168] WS2_32.dll!socket 763036D1 5 Bytes JMP 01DC0FEF
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00020000
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00020FEF
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 0002001B
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00010F63
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 000100B3
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 000100E9
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00010F52
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00010F88
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 00010040
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00010098
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00010FA3
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 0001005B
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00010104
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 0001001B
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 0001000A
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 000100C4
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 00D20011
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!system 770E804B 5 Bytes JMP 00D20F90
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 00D20FBC
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_open 770ED106 5 Bytes JMP 00D20000
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00D20FA1
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 00D20FD7
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00D00F83
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00D00F9E
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00D00FE5
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00D0001B
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00D00036
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00D00FB9
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00D00FD4
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00D0000A
.text C:\Windows\system32\svchost.exe[1272] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 00D10FEF
.text C:\Windows\system32\svchost.exe[1272] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 00D10014
.text C:\Windows\system32\svchost.exe[1272] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 00D1002F
.text C:\Windows\system32\svchost.exe[1272] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 00D1004A
.text C:\Windows\system32\svchost.exe[1272] WS2_32.dll!socket 763036D1 5 Bytes JMP 00CF0FEF
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00F5000A
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00F50040
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00F5001B
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00EE00A9
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 00EE0084
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 00EE0F19
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00EE0F34
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00EE0073
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00EE0FCA
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 00EE001B
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00EE0F59
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00EE0062
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00EE0FA5
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00EE0051
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00EE0036
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00EE0F7E
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00EE0F08
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00EE0FDB
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00EE0000
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 00EE00BA
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 01740FD4
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!system 770E804B 5 Bytes JMP 0174005F
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 01740033
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_open 770ED106 5 Bytes JMP 01740FEF
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 0174004E
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 0174000C
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00780047
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 0078002C
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00780FEF
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00780FA5
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00780062
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00780FCA
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00780000
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 0078001B
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 00FF0000
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 00FF0FE5
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 00FF0FD4
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 00FF0FC3
.text C:\Windows\system32\svchost.exe[1348] WS2_32.dll!socket 763036D1 5 Bytes JMP 00FA0000
.text C:\Windows\System32\svchost.exe[1436] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 001A0FE5
.text C:\Windows\System32\svchost.exe[1436] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 001A0011
.text C:\Windows\System32\svchost.exe[1436] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 001A0000
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00170F68
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 001700AE
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 001700D3
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00170F3C
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 0017005D
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00170FCA
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 0017001B
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00170093
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00170F83
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00170FA5
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00170F94
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 0017002C
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00170082
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00170F21
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00170000
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00170FEF
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 00170F4D
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 00190FAF
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!system 770E804B 5 Bytes JMP 00190FCA
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 0019003A
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_open 770ED106 5 Bytes JMP 00190000
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00190FEF
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 0019001D
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 0002006C
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00020040
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 0002000A
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 0002005B
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00020FAF
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00020FCA
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00020FEF
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00020025
.text C:\Windows\System32\svchost.exe[1436] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 00180000
.text C:\Windows\System32\svchost.exe[1436] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 00180FDB
.text C:\Windows\System32\svchost.exe[1436] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 00180FCA
.text C:\Windows\System32\svchost.exe[1436] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 00180FAF
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00950036
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00950025
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00940F4A
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 00940F6F
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 009400B5
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00940F1E
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 0094007F
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00940036
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 00940FE5
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00940F80
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00940FA5
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00940051
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00940062
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00940FCA
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00940090
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 009400C6
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 0094001B
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 00940F39
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 009D0FD2
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!system 770E804B 5 Bytes JMP 009D005D
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 009D0FE3
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_open 770ED106 5 Bytes JMP 009D0000
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 009D0042
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 009D0011
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00920FA8
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00920FC3
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00920FEF
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 0092004A
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00920065
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00920014
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00920FDE
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00920025
.text C:\Windows\system32\svchost.exe[1476] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 009C0000
.text C:\Windows\system32\svchost.exe[1476] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 009C0011
.text C:\Windows\system32\svchost.exe[1476] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 009C0FE5
.text C:\Windows\system32\svchost.exe[1476] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 009C0FCA
.text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!socket 763036D1 5 Bytes JMP 009A0FEF
.text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 01060000
.text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 01060040
.text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 0106001B
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 010500A7
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 01050096
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 010500E4
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 010500C9
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 01050071
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 01050014
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 01050FC3
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 01050F61
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 01050F97
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 01050FA8
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 01050054
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 0105002F
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 01050F7C
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 010500F5
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 01050FDE
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 01050FEF
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 010500B8
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 011D0038
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!system 770E804B 5 Bytes JMP 011D0FAD
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 011D0FD9
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_open 770ED106 5 Bytes JMP 011D0000
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 011D0FC8
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 011D001D
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00930F68
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00930F8D
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00930FEF
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00930014
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00930025
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00930FAF
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00930FD4
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00930F9E
.text C:\Windows\system32\svchost.exe[1696] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 01140FEF
.text C:\Windows\system32\svchost.exe[1696] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 01140FDE
.text C:\Windows\system32\svchost.exe[1696] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 01140014
.text C:\Windows\system32\svchost.exe[1696] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 01140025
.text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!socket 763036D1 5 Bytes JMP 010B0FEF
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00040FEF
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00040FDE
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 0094000A
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!NtWriteVirtualMemory 77CB5674 5 Bytes JMP 00CE000A
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!KiUserExceptionDispatcher 77CB5DC8 5 Bytes JMP 0093000A
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00190F97
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00190FC3
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00190000
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00190FA8
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 0019004A
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00190FDE
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00190FEF
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 0019002F
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 001A002C
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!system 770E804B 5 Bytes JMP 001A0011
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 001A0FB5
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_open 770ED106 5 Bytes JMP 001A0FEF
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 001A0000
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 001A0FC6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[552] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00FD76E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[552] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00FD7740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 8/31/2010 12:21:40 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 218.73 Gb Free Space | 77.18% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.71 Gb Free Space | 59.45% Space Free | Partition Type: NTFS
Drive E: | 23.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON530
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\MPF\MpfAlert.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\sminst\SftService.exe (SoftThinks)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\spybot - search & destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\dlbacoms.exe ( )
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Windows\sminst\sftservice.EXE (SoftThinks)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\spybot - search & destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (dlba_device) -- C:\Windows\System32\dlbacoms.exe ( )
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (rwkkg) -- C:\Windows\System32\drivers\ranchvug.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (42163022) -- C:\Windows\System32\DRIVERS\42163022.sys File not found
DRV - (utm2mjmy) -- C:\Windows\System32\drivers\utm2mjmy.sys ()
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (42163021) -- C:\Windows\System32\drivers\42163021.sys (Kaspersky Lab)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (XLoader) PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys) -- C:\Windows\System32\drivers\XLoader.sys (Plextor Corp.)
DRV - (WISTechVIDCAP) -- C:\Windows\System32\drivers\Xstream.sys (Plextor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {E6655746-20E7-4A9A-8DEE-1E60EC0427B5}:1.9.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/25 13:55:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3DA5B818-3102-48AE-B57E-8E4D5529150F}: C:\Windows\system32\config\systemprofile\AppData\Local\{3DA5B818-3102-48AE-B57E-8E4D5529150F}\ [2010/08/25 18:17:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/25 22:25:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 17:40:53 | 000,000,000 | ---D | M]

[2010/08/25 17:42:24 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2010/04/04 14:15:01 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/08/25 18:05:20 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\n8ycsuei.default\extensions
[2010/08/25 18:05:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\n8ycsuei.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/25 17:40:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/08/22 07:47:08 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/08/20 21:20:32 | 000,416,853 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14389 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100825222520.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5334504D-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/mpg4sax.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/08/25 18:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/25 17:42:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Mozilla
[2010/08/25 17:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/22 23:33:00 | 000,093,056 | ---- | C] (GMER) -- C:\pflyykoc.sys
[2010/08/22 22:47:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/21 14:12:38 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Virus Removal Tool1
[2010/08/21 00:04:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Threat Expert
[2010/08/20 23:42:11 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\4216302.sys
[2010/08/20 23:42:11 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\42163021.sys
[2010/08/20 23:42:11 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Virus Removal Tool
[2010/08/20 23:40:38 | 073,765,816 | ---- | C] ( ) -- C:\setup_9.0.0.722_20.08.2010_21-52.exe
[2010/08/20 23:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/08/20 22:35:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/20 22:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/20 22:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/20 21:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/20 19:33:21 | 000,000,000 | -HSD | C] -- C:\Users\David\AppData\Roaming\Earthlink
[2010/08/20 19:28:59 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes
[2010/08/20 19:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/17 19:50:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/17 19:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/17 19:49:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/17 19:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/17 19:23:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/17 17:19:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\com.titleist.gbf.pga.7CDAE941C65273973F33EE01488E285A2B576605.1
[2010/08/17 17:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Titleist Golf Ball Fitting
[2010/08/12 08:13:03 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/12 08:12:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/12 08:12:56 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/12 08:12:56 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/12 08:12:56 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/12 08:12:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/12 08:12:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/12 08:12:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/12 08:12:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/12 08:12:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/12 08:12:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/12 08:12:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/12 08:12:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/12 08:12:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/12 08:12:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/12 08:12:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/12 08:12:53 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/12 08:12:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/12 08:12:32 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/12 08:12:32 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/05/18 13:09:25 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbaserv.dll
[2009/05/18 13:09:25 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbausb1.dll
[2009/05/18 13:09:25 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbainpa.dll
[2009/05/18 13:09:25 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbaiesc.dll
[2009/05/18 13:09:25 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBAhcp.dll
[2009/05/18 13:09:25 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbaprox.dll
[2009/05/18 13:09:24 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbahbn3.dll
[2009/05/18 13:09:24 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbacomc.dll
[2009/05/18 13:09:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbapmui.dll
[2009/05/18 13:09:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbalmpm.dll
[2009/05/18 13:09:24 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbacomm.dll
[2009/05/18 13:09:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbapplc.dll

========== Files - Modified Within 30 Days ==========

[2010/08/31 00:24:20 | 007,077,888 | -HS- | M] () -- C:\Users\David\NTUSER.DAT
[2010/08/31 00:18:35 | 000,524,288 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/08/31 00:18:35 | 000,065,536 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/31 00:18:16 | 003,381,587 | -H-- | M] () -- C:\Users\David\AppData\Local\IconCache.db
[2010/08/31 00:15:06 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 00:15:04 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 00:15:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/31 00:14:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/31 00:14:45 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/31 00:14:39 | 457,710,156 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/30 23:38:48 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{55DA8026-62CE-4E82-B28F-89333ADDF3C8}.job
[2010/08/30 23:35:56 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3F5D6C48-F742-41F9-9309-2770C0A97CB0}.job
[2010/08/25 18:15:52 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/25 18:14:21 | 377,979,152 | ---- | M] () -- C:\Users\David\Desktop\backup.reg
[2010/08/22 23:33:00 | 000,093,056 | ---- | M] (GMER) -- C:\pflyykoc.sys
[2010/08/21 02:26:47 | 000,000,112 | ---- | M] () -- C:\ProgramData\rORs6m1KO.dat
[2010/08/20 23:58:17 | 000,721,296 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/20 23:58:17 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/20 23:58:17 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/20 23:54:54 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\utm2mjmy.sys
[2010/08/20 23:33:58 | 073,765,816 | ---- | M] ( ) -- C:\setup_9.0.0.722_20.08.2010_21-52.exe
[2010/08/20 22:25:40 | 000,001,740 | ---- | M] () -- C:\Users\David\Documents\cc_20100820_222537.reg
[2010/08/20 21:20:32 | 000,416,853 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/20 19:28:42 | 000,005,086 | ---- | M] () -- C:\Users\David\Documents\cc_20100820_192839.reg
[2010/08/17 17:09:46 | 000,003,122 | ---- | M] () -- C:\Users\David\AppData\Local\Brigalajoqibuz.dat
[2010/08/15 14:21:17 | 000,000,403 | ---- | M] () -- C:\Windows\dellstat.ini
[2010/08/13 09:58:18 | 000,414,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/09 16:26:07 | 000,034,304 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/08/25 18:15:41 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/25 18:13:28 | 377,979,152 | ---- | C] () -- C:\Users\David\Desktop\backup.reg
[2010/08/24 22:23:36 | 3478,310,912 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/22 23:31:18 | 457,710,156 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/22 04:10:01 | 000,001,024 | -H-- | C] () -- C:\Users\David\ntuser.dat.LOG
[2010/08/21 02:26:47 | 000,000,112 | ---- | C] () -- C:\ProgramData\rORs6m1KO.dat
[2010/08/20 23:54:50 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\utm2mjmy.sys
[2010/08/20 22:25:39 | 000,001,740 | ---- | C] () -- C:\Users\David\Documents\cc_20100820_222537.reg
[2010/08/20 19:28:40 | 000,005,086 | ---- | C] () -- C:\Users\David\Documents\cc_20100820_192839.reg
[2010/07/01 20:55:47 | 000,003,122 | ---- | C] () -- C:\Users\David\AppData\Local\Brigalajoqibuz.dat
[2010/07/01 20:55:47 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\Spituj.bin
[2009/11/24 23:28:44 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2009/11/24 23:23:51 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009/11/24 23:16:45 | 000,122,880 | ---- | C] () -- C:\Windows\System32\cddvdint.dll
[2009/11/24 23:12:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/11/24 23:12:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/11/24 23:12:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/11/24 23:12:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/11/24 23:12:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/11/24 23:12:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/08/30 20:32:17 | 000,001,330 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2009/08/18 13:29:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/18 13:10:37 | 000,000,403 | ---- | C] () -- C:\Windows\dellstat.ini
[2009/05/18 13:09:25 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbautil.dll
[2009/05/18 13:09:25 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBAinst.dll
[2009/05/18 13:09:24 | 000,479,232 | ---- | C] () -- C:\Windows\System32\dlbajswr.dll
[2009/05/18 13:09:24 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbainsb.dll
[2009/05/18 13:09:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\dlbains.dll
[2009/05/18 13:09:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbacur.dll
[2009/05/18 13:09:24 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbainsr.dll
[2009/05/18 13:09:24 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbacu.dll
[2009/05/18 13:06:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/05/18 13:06:45 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2009/05/18 13:06:03 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbacnv4.dll
[2009/05/18 13:06:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbavs.dll
[2009/05/18 13:06:01 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbacoin.dll
[2009/05/18 12:54:40 | 000,040,960 | ---- | C] () -- C:\Windows\System32\WMPCI54G.dll
[2009/05/18 12:54:26 | 000,000,493 | ---- | C] () -- C:\Windows\System32\wlan.ini
[2009/05/15 17:27:37 | 000,034,304 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/05 15:45:45 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/05/05 15:45:45 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/05/05 15:45:45 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/05/05 15:45:45 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/05/05 13:06:57 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/05/05 13:06:57 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/05/05 13:06:57 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/05/05 13:06:57 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/05/05 13:06:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/05/05 13:06:57 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/05/05 13:06:56 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/05/05 13:06:56 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/05/05 13:06:56 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/05/05 13:06:56 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/05/05 13:06:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/05/05 13:06:56 | 000,115,712 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/05/05 13:06:56 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/05/05 13:06:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll
[2009/05/05 13:06:56 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/05/05 13:06:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll
[2009/05/05 13:06:55 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/05/05 13:06:55 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/05/05 13:06:55 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/05/05 13:06:55 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/05 13:06:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/05/05 13:06:53 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/05/05 13:06:52 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/03/07 20:40:53 | 000,001,024 | ---- | M] () -- C:\ (1).rnd
[2009/05/12 20:21:43 | 000,001,024 | ---- | M] () -- C:\.rnd
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2002/09/03 09:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2006/07/13 20:28:38 | 000,000,000 | ---- | M] () -- C:\debug1.txt
[2003/03/04 20:36:02 | 000,004,161 | RH-- | M] () -- C:\DELL (1).SDR
[2009/05/05 15:45:54 | 000,003,766 | RH-- | M] () -- C:\dell.sdr
[2003/06/22 21:32:04 | 000,004,790 | -H-- | M] () -- C:\ffastun.ffa
[2003/06/22 21:32:03 | 000,253,952 | -H-- | M] () -- C:\ffastun.ffl
[2003/06/22 21:32:04 | 000,577,536 | -H-- | M] () -- C:\ffastun.ffo
[2003/06/22 21:32:03 | 000,557,056 | -H-- | M] () -- C:\ffastun0.ffx
[2006/07/13 20:28:38 | 000,000,008 | ---- | M] () -- C:\GetFlashID.txt
[2010/08/31 00:14:45 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2003/03/04 21:02:12 | 000,000,332 | -H-- | M] () -- C:\IPH.PH
[2009/05/25 05:10:27 | 000,000,000 | ---- | M] () -- C:\LogMeIn-0784-20090525-051027.dmp
[2009/06/28 23:15:44 | 004,300,291 | ---- | M] () -- C:\LogMeIn-0784-20090628-231544.dmp
[2009/07/10 23:48:05 | 004,300,255 | ---- | M] () -- C:\LogMeIn-0784-20090710-234805.dmp
[2009/07/28 00:36:17 | 004,305,455 | ---- | M] () -- C:\LogMeIn-0784-20090728-003617.dmp
[2009/12/03 00:53:25 | 002,801,932 | ---- | M] () -- C:\LogMeIn-0982-20091202-235324.dmp
[2009/12/10 10:37:14 | 001,477,580 | ---- | M] () -- C:\LogMeIn-0982-20091210-093714.dmp
[2010/04/14 09:02:54 | 002,798,524 | ---- | M] () -- C:\LogMeIn-0982-20100414-090253.dmp
[2010/06/12 23:37:46 | 000,000,000 | ---- | M] () -- C:\LogMeIn-1310-20100612-233746.dmp
[2010/06/19 23:01:53 | 002,805,812 | ---- | M] () -- C:\LogMeIn-1310-20100619-230153.dmp
[2010/08/31 00:14:44 | 3791,929,344 | -HS- | M] () -- C:\pagefile.sys
[2010/08/22 23:33:00 | 000,093,056 | ---- | M] (GMER) -- C:\pflyykoc.sys
[2010/08/20 23:33:58 | 073,765,816 | ---- | M] ( ) -- C:\setup_9.0.0.722_20.08.2010_21-52.exe
[2010/08/25 18:15:52 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/08/20 18:07:04 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.in

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4511

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

8/30/2010 11:42:53 PM
mbam-log-2010-08-30 (23-42-53).txt

Scan type: Quick scan
Objects scanned: 180833
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 00:13:10
Windows 6.0.6002 Service Pack 2
Running: lhtwyjr3.exe; Driver: C:\Users\David\AppData\Local\Temp\pflyykoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82840D88]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82840DB2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82840D9E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82840D74]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 822729D2 5 Bytes JMP 82840D78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82437DA3 5 Bytes JMP 82840DB6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 824574FA 7 Bytes JMP 82840D8C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 824577BD 5 Bytes JMP 82840DA2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[464] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00340FEF
.text C:\Windows\system32\svchost.exe[464] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00340000
.text C:\Windows\system32\svchost.exe[464] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00340FCA
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 003100BC
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 00310F76
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 00310F4A
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00310F65
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00310FA2
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 0031002C
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 0031003D
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00310F87
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00310FBD
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00310069
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 0031007A
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 0031004E
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 003100A1
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00310F39
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 003100E1
.text C:\Windows\system32\svchost.exe[464] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 0033005D
.text C:\Windows\system32\svchost.exe[464] msvcrt.dll!system 770E804B 5 Bytes JMP 00330042
.text C:\Windows\system32\svchost.exe[464] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 00330FD2
.text C:\Windows\system32\svchost.exe[464] msvcrt.dll!_open 770ED106 5 Bytes JMP 00330FEF
.text C:\Windows\system32\svchost.exe[464] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00330031
.text C:\Windows\system32\svchost.exe[464] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 0033000C
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00300051
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00300FB9
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00300FEF
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00300040
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 0030006C
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 0030000A
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00300FD4
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00300025
.text C:\Windows\system32\svchost.exe[464] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 0032000A
.text C:\Windows\system32\svchost.exe[464] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 0032001B
.text C:\Windows\system32\svchost.exe[464] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 00320040
.text C:\Windows\system32\svchost.exe[464] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 00320051
.text C:\Windows\system32\svchost.exe[464] WS2_32.dll!socket 763036D1 5 Bytes JMP 002F0000
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[512] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 71809AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[512] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 71809A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\services.exe[664] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 0088000A
.text C:\Windows\system32\services.exe[664] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00880FEF
.text C:\Windows\system32\services.exe[664] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00880025
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 002E0F79
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 002E0F8A
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 002E00F5
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 002E0F5E
.text C:\Windows\system32\services.exe[664] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 002E0089
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 002E0025
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 002E0036
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 002E00B5
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 002E0FAF
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 002E006C
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 002E0FCA
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 002E0051
.text C:\Windows\system32\services.exe[664] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 002E009A
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 002E0F43
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 002E0FEF
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 002E000A
.text C:\Windows\system32\services.exe[664] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 002E00D0
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 008E0F91
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 008E0FB6
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 008E0000
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 008E003D
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 008E004E
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 008E0FDB
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 008E0011
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 008E002C
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 00D90FA3
.text C:\Windows\system32\services.exe[664] msvcrt.dll!system 770E804B 5 Bytes JMP 00D9002E
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 00D9001D
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_open 770ED106 5 Bytes JMP 00D90000
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00D90FBE
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 00D90FE3
.text C:\Windows\system32\services.exe[664] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 008F000A
.text C:\Windows\system32\services.exe[664] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 008F0FEF
.text C:\Windows\system32\services.exe[664] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 008F0025
.text C:\Windows\system32\services.exe[664] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 008F0FD4
.text C:\Windows\system32\services.exe[664] WS2_32.dll!socket 763036D1 5 Bytes JMP 008D0FE5
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 0019000A
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00190036
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00190025
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 001800B3
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 001800A2
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 001800D8
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00180F41
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00180076
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00180014
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 0018002F
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00180087
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00180F9E
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00180051
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00180FAF
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00180040
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00180F77
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 001800E9
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00180FDE
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00180FEF
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 00180F52
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 008D0F9E
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 008D0FC0
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 008D0FAF
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 008D005B
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 008D001B
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 008D000A
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 008D002C
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 00DF0F9C
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!system 770E804B 5 Bytes JMP 00DF0027
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 00DF0FD2
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_open 770ED106 5 Bytes JMP 00DF0FEF
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00DF0FC1
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 00DF000C
.text C:\Windows\system32\lsass.exe[684] WS2_32.dll!socket 763036D1 5 Bytes JMP 001A0FE5
.text C:\Windows\system32\lsass.exe[684] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 008F0FE5
.text C:\Windows\system32\lsass.exe[684] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 008F0FD4
.text C:\Windows\system32\lsass.exe[684] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 008F0FC3
.text C:\Windows\system32\lsass.exe[684] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 008F0FB2
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00AC0FE5
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00AC0FD4
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00AC0000
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 009100BF
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 009100AE
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 00910F5E
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 009100EB
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00910F83
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00910000
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 00910FB9
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00910089
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00910051
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00910FA8
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00910040
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00910025
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00910078
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00910F4D
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00910FD4
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00910FEF
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 009100D0
.text C:\Windows\system32\svchost.exe[772] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 009B0FA6
.text C:\Windows\system32\svchost.exe[772] msvcrt.dll!system 770E804B 5 Bytes JMP 009B0FC1
.text C:\Windows\system32\svchost.exe[772] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 009B0FD2
.text C:\Windows\system32\svchost.exe[772] msvcrt.dll!_open 770ED106 5 Bytes JMP 009B0000
.text C:\Windows\system32\svchost.exe[772] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 009B0027
.text C:\Windows\system32\svchost.exe[772] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 009B0FE3
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00900FD4
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00900FE5
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00900000
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00900076
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00900091
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00900036
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00900025
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00900051
.text C:\Windows\system32\svchost.exe[772] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 009A0FEF
.text C:\Windows\system32\svchost.exe[772] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 009A000A
.text C:\Windows\system32\svchost.exe[772] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 009A001B
.text C:\Windows\system32\svchost.exe[772] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 009A002C
.text C:\Windows\system32\svchost.exe[772] WS2_32.dll!socket 763036D1 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 003E0FE5
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 003E0FC3
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 003E0FD4
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 003D0F46
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 003D0F57
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 003D00B1
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 003D0F1A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 003D0F8D
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 003D0FCA
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 003D001B
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 003D0082
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 003D0067
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 003D0F9E
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 003D0040
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 003D0FB9
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 003D0F7C
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 003D00C2
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 003D000A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 003D0FEF
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 003D0F2B
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 006F0FAD
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!system 770E804B 5 Bytes JMP 006F0042
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 006F0FD2
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_open 770ED106 5 Bytes JMP 006F0FEF
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 006F0027
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 006F000C
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 0069006F
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00690FC3
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00690000
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 0069004A
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00690080
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00690FEF
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 0069001B
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00690FD4
.text C:\Windows\system32\svchost.exe[872] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 006A0000
.text C:\Windows\system32\svchost.exe[872] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 006A0FEF
.text C:\Windows\system32\svchost.exe[872] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 006A0FDE
.text C:\Windows\system32\svchost.exe[872] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 006A0025
.text C:\Windows\system32\svchost.exe[872] WS2_32.dll!socket 763036D1 5 Bytes JMP 00680000
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 008F0FE5
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 008F001B
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 007C0F4B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 007C0091
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 007C0F1C
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 007C00B3
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 007C0F6D
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 007C0FE5
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 007C0FCA
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 007C0076
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 007C0F8A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 007C0047
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 007C0F9B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 007C0036
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 007C0F5C
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 007C0F0B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 007C001B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 007C0000
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 007C00A2
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 00A70FB0
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!system 770E804B 5 Bytes JMP 00A70FC1
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 00A70016
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_open 770ED106 5 Bytes JMP 00A70FE3
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00A70031
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 00A70FD2
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00910FC0
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00910047
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00910000
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00910062
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 0091007D
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00910FDB
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00910011
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00910036
.text C:\Windows\system32\svchost.exe[936] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 00A60FEF
.text C:\Windows\system32\svchost.exe[936] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 00A6000A
.text C:\Windows\system32\svchost.exe[936] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 00A60FD4
.text C:\Windows\system32\svchost.exe[936] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 00A6001B
.text C:\Windows\system32\svchost.exe[936] WS2_32.dll!socket 763036D1 5 Bytes JMP 00900000
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 01C10FEF
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 01C1001E
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 01C10FDE
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 01C00F3C
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 01C00F4D
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 01C000AE
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 01C00F17
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 01C00F6F
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 01C00FC0
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 01C00FAF
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 01C00F5E
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 01C0003D
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 01C0001B
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 01C0002C
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 01C00F94
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 01C0006E
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 01C00F06
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 01C00FDB
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 01C00000
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 01C0009D
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 020C0F9C
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!system 770E804B 5 Bytes JMP 020C0FAD
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 020C0FD2
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_open 770ED106 5 Bytes JMP 020C0000
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 020C0027
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 020C0FE3
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 01B70080
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 01B7005B
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 01B7000A
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 01B70FD4
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 01B70FC3
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 01B70FEF
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 01B7001B
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 01B70040
.text C:\Windows\System32\svchost.exe[1056] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 020B0FEF
.text C:\Windows\System32\svchost.exe[1056] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 020B000A
.text C:\Windows\System32\svchost.exe[1056] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 020B0FDE
.text C:\Windows\System32\svchost.exe[1056] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 020B002F
.text C:\Windows\System32\svchost.exe[1056] WS2_32.dll!socket 763036D1 5 Bytes JMP 01620FE5
.text C:\Windows\System32\svchost.exe[1096] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 01200FEF
.text C:\Windows\System32\svchost.exe[1096] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 01200FCD
.text C:\Windows\System32\svchost.exe[1096] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 01200FDE
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00FD0F59
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 00FD009F
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 00FD00C4
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00FD0F2D
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00FD006C
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00FD001B
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 00FD0FCA
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00FD008E
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00FD0051
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00FD0036
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00FD0F94
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00FD0FAF
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00FD007D
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00FD00D5
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00FD0000
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00FD0FE5
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 00FD0F48
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 018C007A
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!system 770E804B 5 Bytes JMP 018C005F
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 018C0029
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_open 770ED106 5 Bytes JMP 018C000C
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 018C004E
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 018C0FEF
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 018A0FC0
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 018A0051
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 018A000A
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 018A0062
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 018A0FA5
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 018A0FDB
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 018A001B
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 018A0036
.text C:\Windows\System32\svchost.exe[1096] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 018B0FEF
.text C:\Windows\System32\svchost.exe[1096] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 018B0014
.text C:\Windows\System32\svchost.exe[1096] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 018B002F
.text C:\Windows\System32\svchost.exe[1096] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 018B0040
.text C:\Windows\System32\svchost.exe[1096] WS2_32.dll!socket 763036D1 5 Bytes JMP 01210FEF
.text C:\Windows\system32\svchost.exe[1168] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 01DB0FEF
.text C:\Windows\system32\svchost.exe[1168] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 01DB001B
.text C:\Windows\system32\svchost.exe[1168] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 01DB000A
.text C:\Windows\system32\svchost.exe[1168] ntdll.dll!NtWriteVirtualMemory 77CB5674 5 Bytes JMP 003F000A
.text C:\Windows\system32\svchost.exe[1168] ntdll.dll!KiUserExceptionDispatcher 77CB5DC8 5 Bytes JMP 003D000A
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 01D6008C
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 01D60071
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 01D60F10
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 01D60F2B
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 01D60F5E
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 01D6001B
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 01D60FCA
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 01D60F3C
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 01D60F79
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 01D60FAF
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 01D60F8A
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 01D6002C
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 01D60F4D
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 01D600CC
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 01D6000A
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 01D60FEF
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 01D600A7
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 01E70FB7
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!system 770E804B 5 Bytes JMP 01E70042
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 01E7000C
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_open 770ED106 5 Bytes JMP 01E70FEF
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 01E70027
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 01E70FD2
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 01E10058
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 01E1003D
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 01E10000
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 01E10FB6
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 01E10FA5
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 01E10FDB
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 01E10011
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 01E1002C
.text C:\Windows\system32\svchost.exe[1168] ole32.dll!CoCreateInstance 76949EA6 5 Bytes JMP 0056000A
.text C:\Windows\system32\svchost.exe[1168] USER32.dll!GetCursorPos 76DD0B88 5 Bytes JMP 01C6000A
.text C:\Windows\system32\svchost.exe[1168] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 01E60000
.text C:\Windows\system32\svchost.exe[1168] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 01E60FEF
.text C:\Windows\system32\svchost.exe[1168] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 01E60FDE
.text C:\Windows\system32\svchost.exe[1168] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 01E6002F
.text C:\Windows\system32\svchost.exe[1168] WS2_32.dll!socket 763036D1 5 Bytes JMP 01DC0FEF
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00020000
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00020FEF
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 0002001B
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00010F63
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 000100B3
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 000100E9
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00010F52
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00010F88
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 00010040
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00010098
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00010FA3
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 0001005B
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00010104
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 0001001B
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 0001000A
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 000100C4
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 00D20011
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!system 770E804B 5 Bytes JMP 00D20F90
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 00D20FBC
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_open 770ED106 5 Bytes JMP 00D20000
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00D20FA1
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 00D20FD7
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00D00F83
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00D00F9E
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00D00FE5
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00D0001B
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00D00036
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00D00FB9
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00D00FD4
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00D0000A
.text C:\Windows\system32\svchost.exe[1272] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 00D10FEF
.text C:\Windows\system32\svchost.exe[1272] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 00D10014
.text C:\Windows\system32\svchost.exe[1272] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 00D1002F
.text C:\Windows\system32\svchost.exe[1272] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 00D1004A
.text C:\Windows\system32\svchost.exe[1272] WS2_32.dll!socket 763036D1 5 Bytes JMP 00CF0FEF
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00F5000A
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00F50040
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00F5001B
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00EE00A9
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 00EE0084
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 00EE0F19
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00EE0F34
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00EE0073
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00EE0FCA
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 00EE001B
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00EE0F59
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00EE0062
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00EE0FA5
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00EE0051
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00EE0036
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00EE0F7E
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00EE0F08
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00EE0FDB
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00EE0000
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 00EE00BA
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 01740FD4
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!system 770E804B 5 Bytes JMP 0174005F
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 01740033
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_open 770ED106 5 Bytes JMP 01740FEF
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 0174004E
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 0174000C
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00780047
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 0078002C
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00780FEF
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00780FA5
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00780062
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00780FCA
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00780000
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 0078001B
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 00FF0000
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 00FF0FE5
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 00FF0FD4
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 00FF0FC3
.text C:\Windows\system32\svchost.exe[1348] WS2_32.dll!socket 763036D1 5 Bytes JMP 00FA0000
.text C:\Windows\System32\svchost.exe[1436] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 001A0FE5
.text C:\Windows\System32\svchost.exe[1436] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 001A0011
.text C:\Windows\System32\svchost.exe[1436] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 001A0000
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00170F68
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 001700AE
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 001700D3
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00170F3C
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 0017005D
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00170FCA
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 0017001B
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00170093
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00170F83
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00170FA5
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00170F94
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 0017002C
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00170082
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00170F21
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00170000
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00170FEF
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 00170F4D
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 00190FAF
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!system 770E804B 5 Bytes JMP 00190FCA
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 0019003A
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_open 770ED106 5 Bytes JMP 00190000
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00190FEF
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 0019001D
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 0002006C
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00020040
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 0002000A
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 0002005B
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00020FAF
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00020FCA
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00020FEF
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00020025
.text C:\Windows\System32\svchost.exe[1436] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 00180000
.text C:\Windows\System32\svchost.exe[1436] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 00180FDB
.text C:\Windows\System32\svchost.exe[1436] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 00180FCA
.text C:\Windows\System32\svchost.exe[1436] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 00180FAF
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00950036
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00950025
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00940F4A
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 00940F6F
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 009400B5
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00940F1E
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 0094007F
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00940036
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 00940FE5
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00940F80
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00940FA5
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00940051
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00940062
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00940FCA
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00940090
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 009400C6
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 0094001B
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 00940F39
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 009D0FD2
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!system 770E804B 5 Bytes JMP 009D005D
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 009D0FE3
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_open 770ED106 5 Bytes JMP 009D0000
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 009D0042
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 009D0011
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00920FA8
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00920FC3
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00920FEF
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 0092004A
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00920065
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00920014
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00920FDE
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00920025
.text C:\Windows\system32\svchost.exe[1476] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 009C0000
.text C:\Windows\system32\svchost.exe[1476] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 009C0011
.text C:\Windows\system32\svchost.exe[1476] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 009C0FE5
.text C:\Windows\system32\svchost.exe[1476] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 009C0FCA
.text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!socket 763036D1 5 Bytes JMP 009A0FEF
.text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 01060000
.text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 01060040
.text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 0106001B
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 010500A7
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 01050096
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 010500E4
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 010500C9
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 01050071
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 01050014
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 01050FC3
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 01050F61
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 01050F97
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 01050FA8
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 01050054
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 0105002F
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 01050F7C
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 010500F5
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 01050FDE
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 01050FEF
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 010500B8
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 011D0038
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!system 770E804B 5 Bytes JMP 011D0FAD
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 011D0FD9
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_open 770ED106 5 Bytes JMP 011D0000
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 011D0FC8
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 011D001D
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00930F68
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00930F8D
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00930FEF
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00930014
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00930025
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00930FAF
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00930FD4
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00930F9E
.text C:\Windows\system32\svchost.exe[1696] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 01140FEF
.text C:\Windows\system32\svchost.exe[1696] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 01140FDE
.text C:\Windows\system32\svchost.exe[1696] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 01140014
.text C:\Windows\system32\svchost.exe[1696] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 01140025
.text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!socket 763036D1 5 Bytes JMP 010B0FEF
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00040FEF
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00040FDE
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 0094000A
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!NtWriteVirtualMemory 77CB5674 5 Bytes JMP 00CE000A
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!KiUserExceptionDispatcher 77CB5DC8 5 Bytes JMP 0093000A
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00190F97
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00190FC3
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00190000
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00190FA8
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 0019004A
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00190FDE
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00190FEF
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 0019002F
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 001A002C
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!system 770E804B 5 Bytes JMP 001A0011
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 001A0FB5
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_open 770ED106 5 Bytes JMP 001A0FEF
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 001A0000
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 001A0FC6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[552] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00FD76E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[552] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00FD7740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 8/31/2010 12:21:40 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 218.73 Gb Free Space | 77.18% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.71 Gb Free Space | 59.45% Space Free | Partition Type: NTFS
Drive E: | 23.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON530
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========


PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\MPF\MpfAlert.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\sminst\SftService.exe (SoftThinks)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\spybot - search & destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\dlbacoms.exe ( )
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Windows\sminst\sftservice.EXE (SoftThinks)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\spybot - search & destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (dlba_device) -- C:\Windows\System32\dlbacoms.exe ( )
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (rwkkg) -- C:\Windows\System32\drivers\ranchvug.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (42163022) -- C:\Windows\System32\DRIVERS\42163022.sys File not found
DRV - (utm2mjmy) -- C:\Windows\System32\drivers\utm2mjmy.sys ()
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (42163021) -- C:\Windows\System32\drivers\42163021.sys (Kaspersky Lab)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (XLoader) PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys) -- C:\Windows\System32\drivers\XLoader.sys (Plextor Corp.)
DRV - (WISTechVIDCAP) -- C:\Windows\System32\drivers\Xstream.sys (Plextor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {E6655746-20E7-4A9A-8DEE-1E60EC0427B5}:1.9.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/25 13:55:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3DA5B818-3102-48AE-B57E-8E4D5529150F}: C:\Windows\system32\config\systemprofile\AppData\Local\{3DA5B818-3102-48AE-B57E-8E4D5529150F}\ [2010/08/25 18:17:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/25 22:25:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 17:40:53 | 000,000,000 | ---D | M]

[2010/08/25 17:42:24 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2010/04/04 14:15:01 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/08/25 18:05:20 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\n8ycsuei.default\extensions
[2010/08/25 18:05:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\n8ycsuei.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/25 17:40:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/08/22 07:47:08 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/08/20 21:20:32 | 000,416,853 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14389 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100825222520.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5334504D-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/mpg4sax.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/08/25 18:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/25 17:42:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Mozilla
[2010/08/25 17:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/22 23:33:00 | 000,093,056 | ---- | C] (GMER) -- C:\pflyykoc.sys
[2010/08/22 22:47:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/21 14:12:38 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Virus Removal Tool1
[2010/08/21 00:04:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Threat Expert
[2010/08/20 23:42:11 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\4216302.sys
[2010/08/20 23:42:11 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\42163021.sys
[2010/08/20 23:42:11 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Virus Removal Tool
[2010/08/20 23:40:38 | 073,765,816 | ---- | C] ( ) -- C:\setup_9.0.0.722_20.08.2010_21-52.exe
[2010/08/20 23:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/08/20 22:35:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/20 22:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/20 22:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/20 21:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/20 19:33:21 | 000,000,000 | -HSD | C] -- C:\Users\David\AppData\Roaming\Earthlink
[2010/08/20 19:28:59 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes
[2010/08/20 19:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/17 19:50:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/17 19:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/17 19:49:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/17 19:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/17 19:23:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/17 17:19:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\com.titleist.gbf.pga.7CDAE941C65273973F33EE01488E285A2B576605.1
[2010/08/17 17:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Titleist Golf Ball Fitting
[2010/08/12 08:13:03 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/12 08:12:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/12 08:12:56 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/12 08:12:56 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/12 08:12:56 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/12 08:12:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/12 08:12:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/12 08:12:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/12 08:12:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/12 08:12:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/12 08:12:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/12 08:12:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/12 08:12:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/12 08:12:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/12 08:12:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/12 08:12:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/12 08:12:53 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/12 08:12:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/12 08:12:32 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/12 08:12:32 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/05/18 13:09:25 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbaserv.dll
[2009/05/18 13:09:25 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbausb1.dll
[2009/05/18 13:09:25 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbainpa.dll
[2009/05/18 13:09:25 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbaiesc.dll
[2009/05/18 13:09:25 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBAhcp.dll
[2009/05/18 13:09:25 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbaprox.dll
[2009/05/18 13:09:24 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbahbn3.dll
[2009/05/18 13:09:24 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbacomc.dll
[2009/05/18 13:09:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbapmui.dll
[2009/05/18 13:09:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbalmpm.dll
[2009/05/18 13:09:24 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbacomm.dll
[2009/05/18 13:09:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbapplc.dll

========== Files - Modified Within 30 Days ==========

[2010/08/31 00:24:20 | 007,077,888 | -HS- | M] () -- C:\Users\David\NTUSER.DAT
[2010/08/31 00:18:35 | 000,524,288 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/08/31 00:18:35 | 000,065,536 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/31 00:18:16 | 003,381,587 | -H-- | M] () -- C:\Users\David\AppData\Local\IconCache.db
[2010/08/31 00:15:06 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 00:15:04 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 00:15:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/31 00:14:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/31 00:14:45 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/31 00:14:39 | 457,710,156 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/30 23:38:48 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{55DA8026-62CE-4E82-B28F-89333ADDF3C8}.job
[2010/08/30 23:35:56 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3F5D6C48-F742-41F9-9309-2770C0A97CB0}.job
[2010/08/25 18:15:52 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/25 18:14:21 | 377,979,152 | ---- | M] () -- C:\Users\David\Desktop\backup.reg
[2010/08/22 23:33:00 | 000,093,056 | ---- | M] (GMER) -- C:\pflyykoc.sys
[2010/08/21 02:26:47 | 000,000,112 | ---- | M] () -- C:\ProgramData\rORs6m1KO.dat
[2010/08/20 23:58:17 | 000,721,296 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/20 23:58:17 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/20 23:58:17 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/20 23:54:54 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\utm2mjmy.sys
[2010/08/20 23:33:58 | 073,765,816 | ---- | M] ( ) -- C:\setup_9.0.0.722_20.08.2010_21-52.exe
[2010/08/20 22:25:40 | 000,001,740 | ---- | M] () -- C:\Users\David\Documents\cc_20100820_222537.reg
[2010/08/20 21:20:32 | 000,416,853 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/20 19:28:42 | 000,005,086 | ---- | M] () -- C:\Users\David\Documents\cc_20100820_192839.reg
[2010/08/17 17:09:46 | 000,003,122 | ---- | M] () -- C:\Users\David\AppData\Local\Brigalajoqibuz.dat
[2010/08/15 14:21:17 | 000,000,403 | ---- | M] () -- C:\Windows\dellstat.ini
[2010/08/13 09:58:18 | 000,414,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/09 16:26:07 | 000,034,304 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/08/25 18:15:41 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/25 18:13:28 | 377,979,152 | ---- | C] () -- C:\Users\David\Desktop\backup.reg
[2010/08/24 22:23:36 | 3478,310,912 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/22 23:31:18 | 457,710,156 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/22 04:10:01 | 000,001,024 | -H-- | C] () -- C:\Users\David\ntuser.dat.LOG
[2010/08/21 02:26:47 | 000,000,112 | ---- | C] () -- C:\ProgramData\rORs6m1KO.dat
[2010/08/20 23:54:50 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\utm2mjmy.sys
[2010/08/20 22:25:39 | 000,001,740 | ---- | C] () -- C:\Users\David\Documents\cc_20100820_222537.reg
[2010/08/20 19:28:40 | 000,005,086 | ---- | C] () -- C:\Users\David\Documents\cc_20100820_192839.reg
[2010/07/01 20:55:47 | 000,003,122 | ---- | C] () -- C:\Users\David\AppData\Local\Brigalajoqibuz.dat
[2010/07/01 20:55:47 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\Spituj.bin
[2009/11/24 23:28:44 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2009/11/24 23:23:51 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009/11/24 23:16:45 | 000,122,880 | ---- | C] () -- C:\Windows\System32\cddvdint.dll
[2009/11/24 23:12:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/11/24 23:12:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/11/24 23:12:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/11/24 23:12:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/11/24 23:12:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/11/24 23:12:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/08/30 20:32:17 | 000,001,330 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2009/08/18 13:29:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/18 13:10:37 | 000,000,403 | ---- | C] () -- C:\Windows\dellstat.ini
[2009/05/18 13:09:25 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbautil.dll
[2009/05/18 13:09:25 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBAinst.dll
[2009/05/18 13:09:24 | 000,479,232 | ---- | C] () -- C:\Windows\System32\dlbajswr.dll
[2009/05/18 13:09:24 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbainsb.dll
[2009/05/18 13:09:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\dlbains.dll
[2009/05/18 13:09:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbacur.dll
[2009/05/18 13:09:24 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbainsr.dll
[2009/05/18 13:09:24 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbacu.dll
[2009/05/18 13:06:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/05/18 13:06:45 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2009/05/18 13:06:03 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbacnv4.dll
[2009/05/18 13:06:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbavs.dll
[2009/05/18 13:06:01 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbacoin.dll
[2009/05/18 12:54:40 | 000,040,960 | ---- | C] () -- C:\Windows\System32\WMPCI54G.dll
[2009/05/18 12:54:26 | 000,000,493 | ---- | C] () -- C:\Windows\System32\wlan.ini
[2009/05/15 17:27:37 | 000,034,304 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/05 15:45:45 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/05/05 15:45:45 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/05/05 15:45:45 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/05/05 15:45:45 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/05/05 13:06:57 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/05/05 13:06:57 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/05/05 13:06:57 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/05/05 13:06:57 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/05/05 13:06:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/05/05 13:06:57 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/05/05 13:06:56 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/05/05 13:06:56 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/05/05 13:06:56 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/05/05 13:06:56 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/05/05 13:06:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/05/05 13:06:56 | 000,115,712 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/05/05 13:06:56 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/05/05 13:06:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll
[2009/05/05 13:06:56 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/05/05 13:06:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll
[2009/05/05 13:06:55 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/05/05 13:06:55 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/05/05 13:06:55 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/05/05 13:06:55 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/05 13:06:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/05/05 13:06:53 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/05/05 13:06:52 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/03/07 20:40:53 | 000,001,024 | ---- | M] () -- C:\ (1).rnd
[2009/05/12 20:21:43 | 000,001,024 | ---- | M] () -- C:\.rnd
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2002/09/03 09:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2006/07/13 20:28:38 | 000,000,000 | ---- | M] () -- C:\debug1.txt
[2003/03/04 20:36:02 | 000,004,161 | RH-- | M] () -- C:\DELL (1).SDR
[2009/05/05 15:45:54 | 000,003,766 | RH-- | M] () -- C:\dell.sdr
[2003/06/22 21:32:04 | 000,004,790 | -H-- | M] () -- C:\ffastun.ffa
[2003/06/22 21:32:03 | 000,253,952 | -H-- | M] () -- C:\ffastun.ffl
[2003/06/22 21:32:04 | 000,577,536 | -H-- | M] () -- C:\ffastun.ffo
[2003/06/22 21:32:03 | 000,557,056 | -H-- | M] () -- C:\ffastun0.ffx
[2006/07/13 20:28:38 | 000,000,008 | ---- | M] () -- C:\GetFlashID.txt
[2010/08/31 00:14:45 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2003/03/04 21:02:12 | 000,000,332 | -H-- | M] () -- C:\IPH.PH
[2009/05/25 05:10:27 | 000,000,000 | ---- | M] () -- C:\LogMeIn-0784-20090525-051027.dmp
[2009/06/28 23:15:44 | 004,300,291 | ---- | M] () -- C:\LogMeIn-0784-20090628-231544.dmp
[2009/07/10 23:48:05 | 004,300,255 | ---- | M] () -- C:\LogMeIn-0784-20090710-234805.dmp
[2009/07/28 00:36:17 | 004,305,455 | ---- | M] () -- C:\LogMeIn-0784-20090728-003617.dmp
[2009/12/03 00:53:25 | 002,801,932 | ---- | M] () -- C:\LogMeIn-0982-20091202-235324.dmp
[2009/12/10 10:37:14 | 001,477,580 | ---- | M] () -- C:\LogMeIn-0982-20091210-093714.dmp
[2010/04/14 09:02:54 | 002,798,524 | ---- | M] () -- C:\LogMeIn-0982-20100414-090253.dmp
[2010/06/12 23:37:46 | 000,000,000 | ---- | M] () -- C:\LogMeIn-1310-20100612-233746.dmp
[2010/06/19 23:01:53 | 002,805,812 | ---- | M] () -- C:\LogMeIn-1310-20100619-230153.dmp
[2010/08/31 00:14:44 | 3791,929,344 | -HS- | M] () -- C:\pagefile.sys
[2010/08/22 23:33:00 | 000,093,056 | ---- | M] (GMER) -- C:\pflyykoc.sys
[2010/08/20 23:33:58 | 073,765,816 | ---- | M] ( ) -- C:\setup_9.0.0.722_20.08.2010_21-52.exe
[2010/08/25 18:15:52 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/08/20 18:07:04 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.in

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4511

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

8/30/2010 11:42:53 PM
mbam-log-2010-08-30 (23-42-53).txt

Scan type: Quick scan
Objects scanned: 180833
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 00:13:10
Windows 6.0.6002 Service Pack 2
Running: lhtwyjr3.exe; Driver: C:\Users\David\AppData\Local\Temp\pflyykoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82840D88]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82840DB2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82840D9E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82840D74]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 822729D2 5 Bytes JMP 82840D78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82437DA3 5 Bytes JMP 82840DB6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 824574FA 7 Bytes JMP 82840D8C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 824577BD 5 Bytes JMP 82840DA2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[464] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00340FEF
.text C:\Windows\system32\svchost.exe[464] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00340000
.text C:\Windows\system32\svchost.exe[464] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00340FCA
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 003100BC
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 00310F76
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 00310F4A
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00310F65
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00310FA2
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 0031002C
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 0031003D
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00310F87
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00310FBD
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00310069
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 0031007A
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 0031004E
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 003100A1
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00310F39
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[464] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 003100E1
.text C:\Windows\system32\svchost.exe[464] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 0033005D
.text C:\Windows\system32\svchost.exe[464] msvcrt.dll!system 770E804B 5 Bytes JMP 00330042
.text C:\Windows\system32\svchost.exe[464] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 00330FD2
.text C:\Windows\system32\svchost.exe[464] msvcrt.dll!_open 770ED106 5 Bytes JMP 00330FEF
.text C:\Windows\system32\svchost.exe[464] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00330031
.text C:\Windows\system32\svchost.exe[464] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 0033000C
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00300051
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00300FB9
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00300FEF
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00300040
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 0030006C
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 0030000A
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00300FD4
.text C:\Windows\system32\svchost.exe[464] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00300025
.text C:\Windows\system32\svchost.exe[464] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 0032000A
.text C:\Windows\system32\svchost.exe[464] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 0032001B
.text C:\Windows\system32\svchost.exe[464] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 00320040
.text C:\Windows\system32\svchost.exe[464] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 00320051
.text C:\Windows\system32\svchost.exe[464] WS2_32.dll!socket 763036D1 5 Bytes JMP 002F0000
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[512] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 71809AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[512] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 71809A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\services.exe[664] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 0088000A
.text C:\Windows\system32\services.exe[664] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00880FEF
.text C:\Windows\system32\services.exe[664] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00880025
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 002E0F79
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 002E0F8A
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 002E00F5
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 002E0F5E
.text C:\Windows\system32\services.exe[664] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 002E0089
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 002E0025
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 002E0036
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 002E00B5
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 002E0FAF
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 002E006C
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 002E0FCA
.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 002E0051
.text C:\Windows\system32\services.exe[664] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 002E009A
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 002E0F43
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 002E0FEF
.text C:\Windows\system32\services.exe[664] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 002E000A
.text C:\Windows\system32\services.exe[664] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 002E00D0
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 008E0F91
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 008E0FB6
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 008E0000
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 008E003D
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 008E004E
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 008E0FDB
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 008E0011
.text C:\Windows\system32\services.exe[664] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 008E002C
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 00D90FA3
.text C:\Windows\system32\services.exe[664] msvcrt.dll!system 770E804B 5 Bytes JMP 00D9002E
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 00D9001D
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_open 770ED106 5 Bytes JMP 00D90000
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00D90FBE
.text C:\Windows\system32\services.exe[664] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 00D90FE3
.text C:\Windows\system32\services.exe[664] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 008F000A
.text C:\Windows\system32\services.exe[664] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 008F0FEF
.text C:\Windows\system32\services.exe[664] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 008F0025
.text C:\Windows\system32\services.exe[664] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 008F0FD4
.text C:\Windows\system32\services.exe[664] WS2_32.dll!socket 763036D1 5 Bytes JMP 008D0FE5
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 0019000A
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00190036
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00190025
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 001800B3
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 001800A2
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 001800D8
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00180F41
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00180076
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00180014
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 0018002F
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00180087
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00180F9E
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00180051
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00180FAF
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00180040
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00180F77
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 001800E9
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00180FDE
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00180FEF
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 00180F52
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 008D0F9E
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 008D0FC0
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 008D0FAF
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 008D005B
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 008D001B
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 008D000A
.text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 008D002C
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 00DF0F9C
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!system 770E804B 5 Bytes JMP 00DF0027
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 00DF0FD2
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_open 770ED106 5 Bytes JMP 00DF0FEF
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00DF0FC1
.text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 00DF000C
.text C:\Windows\system32\lsass.exe[684] WS2_32.dll!socket 763036D1 5 Bytes JMP 001A0FE5
.text C:\Windows\system32\lsass.exe[684] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 008F0FE5
.text C:\Windows\system32\lsass.exe[684] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 008F0FD4
.text C:\Windows\system32\lsass.exe[684] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 008F0FC3
.text C:\Windows\system32\lsass.exe[684] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 008F0FB2
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00AC0FE5
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00AC0FD4
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00AC0000
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 009100BF
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 009100AE
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 00910F5E
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 009100EB
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00910F83
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00910000
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 00910FB9
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00910089
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00910051
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00910FA8
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00910040
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00910025
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00910078
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00910F4D
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00910FD4
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00910FEF
.text C:\Windows\system32\svchost.exe[772] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 009100D0
.text C:\Windows\system32\svchost.exe[772] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 009B0FA6
.text C:\Windows\system32\svchost.exe[772] msvcrt.dll!system 770E804B 5 Bytes JMP 009B0FC1
.text C:\Windows\system32\svchost.exe[772] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 009B0FD2
.text C:\Windows\system32\svchost.exe[772] msvcrt.dll!_open 770ED106 5 Bytes JMP 009B0000
.text C:\Windows\system32\svchost.exe[772] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 009B0027
.text C:\Windows\system32\svchost.exe[772] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 009B0FE3
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00900FD4
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00900FE5
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00900000
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00900076
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00900091
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00900036
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00900025
.text C:\Windows\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00900051
.text C:\Windows\system32\svchost.exe[772] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 009A0FEF
.text C:\Windows\system32\svchost.exe[772] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 009A000A
.text C:\Windows\system32\svchost.exe[772] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 009A001B
.text C:\Windows\system32\svchost.exe[772] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 009A002C
.text C:\Windows\system32\svchost.exe[772] WS2_32.dll!socket 763036D1 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 003E0FE5
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 003E0FC3
.text C:\Windows\system32\svchost.exe[872] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 003E0FD4
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 003D0F46
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 003D0F57
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 003D00B1
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 003D0F1A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 003D0F8D
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 003D0FCA
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 003D001B
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 003D0082
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 003D0067
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 003D0F9E
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 003D0040
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 003D0FB9
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 003D0F7C
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 003D00C2
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 003D000A
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 003D0FEF
.text C:\Windows\system32\svchost.exe[872] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 003D0F2B
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 006F0FAD
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!system 770E804B 5 Bytes JMP 006F0042
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 006F0FD2
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_open 770ED106 5 Bytes JMP 006F0FEF
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 006F0027
.text C:\Windows\system32\svchost.exe[872] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 006F000C
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 0069006F
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00690FC3
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00690000
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 0069004A
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00690080
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00690FEF
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 0069001B
.text C:\Windows\system32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00690FD4
.text C:\Windows\system32\svchost.exe[872] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 006A0000
.text C:\Windows\system32\svchost.exe[872] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 006A0FEF
.text C:\Windows\system32\svchost.exe[872] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 006A0FDE
.text C:\Windows\system32\svchost.exe[872] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 006A0025
.text C:\Windows\system32\svchost.exe[872] WS2_32.dll!socket 763036D1 5 Bytes JMP 00680000
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 008F0FE5
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 008F001B
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 007C0F4B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 007C0091
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 007C0F1C
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 007C00B3
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 007C0F6D
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 007C0FE5
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 007C0FCA
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 007C0076
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 007C0F8A
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 007C0047
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 007C0F9B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 007C0036
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 007C0F5C
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 007C0F0B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 007C001B
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 007C0000
.text C:\Windows\system32\svchost.exe[936] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 007C00A2
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 00A70FB0
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!system 770E804B 5 Bytes JMP 00A70FC1
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 00A70016
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_open 770ED106 5 Bytes JMP 00A70FE3
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00A70031
.text C:\Windows\system32\svchost.exe[936] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 00A70FD2
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00910FC0
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00910047
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00910000
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00910062
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 0091007D
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00910FDB
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00910011
.text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00910036
.text C:\Windows\system32\svchost.exe[936] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 00A60FEF
.text C:\Windows\system32\svchost.exe[936] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 00A6000A
.text C:\Windows\system32\svchost.exe[936] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 00A60FD4
.text C:\Windows\system32\svchost.exe[936] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 00A6001B
.text C:\Windows\system32\svchost.exe[936] WS2_32.dll!socket 763036D1 5 Bytes JMP 00900000
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 01C10FEF
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 01C1001E
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 01C10FDE
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 01C00F3C
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 01C00F4D
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 01C000AE
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 01C00F17
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 01C00F6F
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 01C00FC0
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 01C00FAF
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 01C00F5E
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 01C0003D
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 01C0001B
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 01C0002C
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 01C00F94
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 01C0006E
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 01C00F06
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 01C00FDB
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 01C00000
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 01C0009D
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 020C0F9C
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!system 770E804B 5 Bytes JMP 020C0FAD
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 020C0FD2
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_open 770ED106 5 Bytes JMP 020C0000
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 020C0027
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 020C0FE3
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 01B70080
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 01B7005B
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 01B7000A
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 01B70FD4
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 01B70FC3
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 01B70FEF
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 01B7001B
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 01B70040
.text C:\Windows\System32\svchost.exe[1056] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 020B0FEF
.text C:\Windows\System32\svchost.exe[1056] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 020B000A
.text C:\Windows\System32\svchost.exe[1056] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 020B0FDE
.text C:\Windows\System32\svchost.exe[1056] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 020B002F
.text C:\Windows\System32\svchost.exe[1056] WS2_32.dll!socket 763036D1 5 Bytes JMP 01620FE5
.text C:\Windows\System32\svchost.exe[1096] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 01200FEF
.text C:\Windows\System32\svchost.exe[1096] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 01200FCD
.text C:\Windows\System32\svchost.exe[1096] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 01200FDE
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00FD0F59
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 00FD009F
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 00FD00C4
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00FD0F2D
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00FD006C
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00FD001B
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 00FD0FCA
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00FD008E
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00FD0051
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00FD0036
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00FD0F94
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00FD0FAF
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00FD007D
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00FD00D5
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00FD0000
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00FD0FE5
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 00FD0F48
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 018C007A
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!system 770E804B 5 Bytes JMP 018C005F
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 018C0029
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_open 770ED106 5 Bytes JMP 018C000C
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 018C004E
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 018C0FEF
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 018A0FC0
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 018A0051
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 018A000A
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 018A0062
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 018A0FA5
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 018A0FDB
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 018A001B
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 018A0036
.text C:\Windows\System32\svchost.exe[1096] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 018B0FEF
.text C:\Windows\System32\svchost.exe[1096] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 018B0014
.text C:\Windows\System32\svchost.exe[1096] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 018B002F
.text C:\Windows\System32\svchost.exe[1096] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 018B0040
.text C:\Windows\System32\svchost.exe[1096] WS2_32.dll!socket 763036D1 5 Bytes JMP 01210FEF
.text C:\Windows\system32\svchost.exe[1168] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 01DB0FEF
.text C:\Windows\system32\svchost.exe[1168] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 01DB001B
.text C:\Windows\system32\svchost.exe[1168] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 01DB000A
.text C:\Windows\system32\svchost.exe[1168] ntdll.dll!NtWriteVirtualMemory 77CB5674 5 Bytes JMP 003F000A
.text C:\Windows\system32\svchost.exe[1168] ntdll.dll!KiUserExceptionDispatcher 77CB5DC8 5 Bytes JMP 003D000A
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 01D6008C
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 01D60071
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 01D60F10
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 01D60F2B
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 01D60F5E
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 01D6001B
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 01D60FCA
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 01D60F3C
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 01D60F79
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 01D60FAF
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 01D60F8A
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 01D6002C
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 01D60F4D
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 01D600CC
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 01D6000A
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 01D60FEF
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 01D600A7
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 01E70FB7
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!system 770E804B 5 Bytes JMP 01E70042
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 01E7000C
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_open 770ED106 5 Bytes JMP 01E70FEF
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 01E70027
.text C:\Windows\system32\svchost.exe[1168] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 01E70FD2
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 01E10058
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 01E1003D
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 01E10000
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 01E10FB6
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 01E10FA5
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 01E10FDB
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 01E10011
.text C:\Windows\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 01E1002C
.text C:\Windows\system32\svchost.exe[1168] ole32.dll!CoCreateInstance 76949EA6 5 Bytes JMP 0056000A
.text C:\Windows\system32\svchost.exe[1168] USER32.dll!GetCursorPos 76DD0B88 5 Bytes JMP 01C6000A
.text C:\Windows\system32\svchost.exe[1168] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 01E60000
.text C:\Windows\system32\svchost.exe[1168] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 01E60FEF
.text C:\Windows\system32\svchost.exe[1168] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 01E60FDE
.text C:\Windows\system32\svchost.exe[1168] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 01E6002F
.text C:\Windows\system32\svchost.exe[1168] WS2_32.dll!socket 763036D1 5 Bytes JMP 01DC0FEF
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00020000
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00020FEF
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 0002001B
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00010F63
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 000100B3
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 000100E9
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00010F52
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00010F88
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 00010040
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00010098
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00010FA3
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 0001005B
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00010104
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 0001001B
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 0001000A
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 000100C4
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 00D20011
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!system 770E804B 5 Bytes JMP 00D20F90
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 00D20FBC
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_open 770ED106 5 Bytes JMP 00D20000
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00D20FA1
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 00D20FD7
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00D00F83
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00D00F9E
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00D00FE5
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00D0001B
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00D00036
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00D00FB9
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00D00FD4
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00D0000A
.text C:\Windows\system32\svchost.exe[1272] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 00D10FEF
.text C:\Windows\system32\svchost.exe[1272] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 00D10014
.text C:\Windows\system32\svchost.exe[1272] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 00D1002F
.text C:\Windows\system32\svchost.exe[1272] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 00D1004A
.text C:\Windows\system32\svchost.exe[1272] WS2_32.dll!socket 763036D1 5 Bytes JMP 00CF0FEF
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00F5000A
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00F50040
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00F5001B
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00EE00A9
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 00EE0084
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 00EE0F19
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00EE0F34
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 00EE0073
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00EE0FCA
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 00EE001B
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00EE0F59
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00EE0062
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00EE0FA5
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00EE0051
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00EE0036
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00EE0F7E
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00EE0F08
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00EE0FDB
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00EE0000
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 00EE00BA
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 01740FD4
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!system 770E804B 5 Bytes JMP 0174005F
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 01740033
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_open 770ED106 5 Bytes JMP 01740FEF
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 0174004E
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 0174000C
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00780047
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 0078002C
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00780FEF
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00780FA5
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00780062
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00780FCA
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00780000
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 0078001B
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 00FF0000
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 00FF0FE5
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 00FF0FD4
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 00FF0FC3
.text C:\Windows\system32\svchost.exe[1348] WS2_32.dll!socket 763036D1 5 Bytes JMP 00FA0000
.text C:\Windows\System32\svchost.exe[1436] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 001A0FE5
.text C:\Windows\System32\svchost.exe[1436] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 001A0011
.text C:\Windows\System32\svchost.exe[1436] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 001A0000
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00170F68
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 001700AE
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 001700D3
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00170F3C
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 0017005D
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00170FCA
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 0017001B
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00170093
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00170F83
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00170FA5
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00170F94
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 0017002C
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00170082
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 00170F21
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 00170000
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00170FEF
.text C:\Windows\System32\svchost.exe[1436] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 00170F4D
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 00190FAF
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!system 770E804B 5 Bytes JMP 00190FCA
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 0019003A
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_open 770ED106 5 Bytes JMP 00190000
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 00190FEF
.text C:\Windows\System32\svchost.exe[1436] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 0019001D
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 0002006C
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00020040
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 0002000A
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 0002005B
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00020FAF
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00020FCA
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00020FEF
.text C:\Windows\System32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00020025
.text C:\Windows\System32\svchost.exe[1436] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 00180000
.text C:\Windows\System32\svchost.exe[1436] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 00180FDB
.text C:\Windows\System32\svchost.exe[1436] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 00180FCA
.text C:\Windows\System32\svchost.exe[1436] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 00180FAF
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00950000
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00950036
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 00950025
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 00940F4A
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 00940F6F
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 009400B5
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 00940F1E
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 0094007F
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 00940036
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 00940FE5
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 00940F80
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 00940FA5
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 00940051
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 00940062
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 00940FCA
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 00940090
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 009400C6
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 0094001B
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 00940F39
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 009D0FD2
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!system 770E804B 5 Bytes JMP 009D005D
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 009D0FE3
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_open 770ED106 5 Bytes JMP 009D0000
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 009D0042
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 009D0011
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00920FA8
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00920FC3
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00920FEF
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 0092004A
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00920065
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00920014
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00920FDE
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00920025
.text C:\Windows\system32\svchost.exe[1476] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 009C0000
.text C:\Windows\system32\svchost.exe[1476] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 009C0011
.text C:\Windows\system32\svchost.exe[1476] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 009C0FE5
.text C:\Windows\system32\svchost.exe[1476] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 009C0FCA
.text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!socket 763036D1 5 Bytes JMP 009A0FEF
.text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 01060000
.text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 01060040
.text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 0106001B
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoW 76A41929 5 Bytes JMP 010500A7
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoA 76A419C9 5 Bytes JMP 01050096
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateProcessW 76A41BF3 5 Bytes JMP 010500E4
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateProcessA 76A41C28 5 Bytes JMP 010500C9
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!VirtualProtect 76A41DC3 5 Bytes JMP 01050071
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeA 76A42EF5 5 Bytes JMP 01050014
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeW 76A45C0C 5 Bytes JMP 01050FC3
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreatePipe 76A68E6E 5 Bytes JMP 01050F61
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExW 76A69109 5 Bytes JMP 01050F97
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryW 76A69362 5 Bytes JMP 01050FA8
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExA 76A694B4 5 Bytes JMP 01050054
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryA 76A694DC 5 Bytes JMP 0105002F
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!VirtualProtectEx 76A6DBDA 5 Bytes JMP 01050F7C
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetProcAddress 76A8903B 5 Bytes JMP 010500F5
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateFileW 76A8AECB 5 Bytes JMP 01050FDE
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateFileA 76A8CE5F 5 Bytes JMP 01050FEF
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!WinExec 76AD5CF7 5 Bytes JMP 010500B8
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 011D0038
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!system 770E804B 5 Bytes JMP 011D0FAD
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 011D0FD9
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_open 770ED106 5 Bytes JMP 011D0000
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 011D0FC8
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 011D001D
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00930F68
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00930F8D
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00930FEF
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00930014
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 00930025
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00930FAF
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00930FD4
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 00930F9E
.text C:\Windows\system32\svchost.exe[1696] WININET.dll!InternetOpenA 76E7D690 5 Bytes JMP 01140FEF
.text C:\Windows\system32\svchost.exe[1696] WININET.dll!InternetOpenW 76E7DB09 5 Bytes JMP 01140FDE
.text C:\Windows\system32\svchost.exe[1696] WININET.dll!InternetOpenUrlA 76E7F3A4 5 Bytes JMP 01140014
.text C:\Windows\system32\svchost.exe[1696] WININET.dll!InternetOpenUrlW 76EC6DDF 5 Bytes JMP 01140025
.text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!socket 763036D1 5 Bytes JMP 010B0FEF
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!NtCreateFile 77CB43D4 5 Bytes JMP 00040FEF
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!NtCreateProcess 77CB4494 5 Bytes JMP 00040FDE
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!NtProtectVirtualMemory 77CB4D34 5 Bytes JMP 0094000A
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!NtWriteVirtualMemory 77CB5674 5 Bytes JMP 00CE000A
.text C:\Windows\Explorer.EXE[5612] ntdll.dll!KiUserExceptionDispatcher 77CB5DC8 5 Bytes JMP 0093000A
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegCreateKeyExA 763639AB 5 Bytes JMP 00190F97
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegCreateKeyA 76363BA9 5 Bytes JMP 00190FC3
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegOpenKeyA 763689C7 5 Bytes JMP 00190000
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegCreateKeyW 7637391E 5 Bytes JMP 00190FA8
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegCreateKeyExW 763741F1 5 Bytes JMP 0019004A
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegOpenKeyExA 76377C42 5 Bytes JMP 00190FDE
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegOpenKeyW 7637E2B5 5 Bytes JMP 00190FEF
.text C:\Windows\Explorer.EXE[5612] ADVAPI32.dll!RegOpenKeyExW 76387BA1 5 Bytes JMP 0019002F
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_wsystem 770E7F2F 5 Bytes JMP 001A002C
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!system 770E804B 5 Bytes JMP 001A0011
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_creat 770EBBE1 5 Bytes JMP 001A0FB5
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_open 770ED106 5 Bytes JMP 001A0FEF
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_wcreat 770ED326 5 Bytes JMP 001A0000
.text C:\Windows\Explorer.EXE[5612] msvcrt.dll!_wopen 770ED501 5 Bytes JMP 001A0FC6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[552] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00FD76E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[552] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00FD7740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 8/31/2010 12:21:40 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 218.73 Gb Free Space | 77.18% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.71 Gb Free Space | 59.45% Space Free | Partition Type: NTFS
Drive E: | 23.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON530
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========


PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\MPF\MpfAlert.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\sminst\SftService.exe (SoftThinks)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\spybot - search & destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\dlbacoms.exe ( )
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Windows\sminst\sftservice.EXE (SoftThinks)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\spybot - search & destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (dlba_device) -- C:\Windows\System32\dlbacoms.exe ( )
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (rwkkg) -- C:\Windows\System32\drivers\ranchvug.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (42163022) -- C:\Windows\System32\DRIVERS\42163022.sys File not found
DRV - (utm2mjmy) -- C:\Windows\System32\drivers\utm2mjmy.sys ()
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (42163021) -- C:\Windows\System32\drivers\42163021.sys (Kaspersky Lab)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (XLoader) PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys) -- C:\Windows\System32\drivers\XLoader.sys (Plextor Corp.)
DRV - (WISTechVIDCAP) -- C:\Windows\System32\drivers\Xstream.sys (Plextor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {E6655746-20E7-4A9A-8DEE-1E60EC0427B5}:1.9.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/25 13:55:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3DA5B818-3102-48AE-B57E-8E4D5529150F}: C:\Windows\system32\config\systemprofile\AppData\Local\{3DA5B818-3102-48AE-B57E-8E4D5529150F}\ [2010/08/25 18:17:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/25 22:25:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 17:40:53 | 000,000,000 | ---D | M]

[2010/08/25 17:42:24 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2010/04/04 14:15:01 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/08/25 18:05:20 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\n8ycsuei.default\extensions
[2010/08/25 18:05:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\n8ycsuei.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/25 17:40:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/08/22 07:47:08 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/08/20 21:20:32 | 000,416,853 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14389 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100825222520.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5334504D-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/mpg4sax.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/08/25 18:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/25 17:42:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Mozilla
[2010/08/25 17:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/22 23:33:00 | 000,093,056 | ---- | C] (GMER) -- C:\pflyykoc.sys
[2010/08/22 22:47:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/21 14:12:38 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Virus Removal Tool1
[2010/08/21 00:04:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Threat Expert
[2010/08/20 23:42:11 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\4216302.sys
[2010/08/20 23:42:11 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\42163021.sys
[2010/08/20 23:42:11 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Virus Removal Tool
[2010/08/20 23:40:38 | 073,765,816 | ---- | C] ( ) -- C:\setup_9.0.0.722_20.08.2010_21-52.exe
[2010/08/20 23:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/08/20 22:35:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/20 22:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/20 22:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/20 21:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/20 19:33:21 | 000,000,000 | -HSD | C] -- C:\Users\David\AppData\Roaming\Earthlink
[2010/08/20 19:28:59 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes
[2010/08/20 19:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/17 19:50:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/17 19:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/17 19:49:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/17 19:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/17 19:23:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/17 17:19:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\com.titleist.gbf.pga.7CDAE941C65273973F33EE01488E285A2B576605.1
[2010/08/17 17:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Titleist Golf Ball Fitting
[2010/08/12 08:13:03 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/12 08:12:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/12 08:12:56 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/12 08:12:56 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/12 08:12:56 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/12 08:12:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/12 08:12:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/12 08:12:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/12 08:12:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/12 08:12:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/12 08:12:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/12 08:12:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/12 08:12:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/12 08:12:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/12 08:12:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/12 08:12:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/12 08:12:53 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/12 08:12:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/12 08:12:32 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/12 08:12:32 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/05/18 13:09:25 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbaserv.dll
[2009/05/18 13:09:25 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbausb1.dll
[2009/05/18 13:09:25 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbainpa.dll
[2009/05/18 13:09:25 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbaiesc.dll
[2009/05/18 13:09:25 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBAhcp.dll
[2009/05/18 13:09:25 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbaprox.dll
[2009/05/18 13:09:24 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbahbn3.dll
[2009/05/18 13:09:24 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbacomc.dll
[2009/05/18 13:09:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbapmui.dll
[2009/05/18 13:09:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbalmpm.dll
[2009/05/18 13:09:24 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbacomm.dll
[2009/05/18 13:09:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbapplc.dll

========== Files - Modified Within 30 Days ==========

[2010/08/31 00:24:20 | 007,077,888 | -HS- | M] () -- C:\Users\David\NTUSER.DAT
[2010/08/31 00:18:35 | 000,524,288 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/08/31 00:18:35 | 000,065,536 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/31 00:18:16 | 003,381,587 | -H-- | M] () -- C:\Users\David\AppData\Local\IconCache.db
[2010/08/31 00:15:06 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 00:15:04 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 00:15:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/31 00:14:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/31 00:14:45 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/31 00:14:39 | 457,710,156 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/30 23:38:48 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{55DA8026-62CE-4E82-B28F-89333ADDF3C8}.job
[2010/08/30 23:35:56 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3F5D6C48-F742-41F9-9309-2770C0A97CB0}.job
[2010/08/25 18:15:52 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/25 18:14:21 | 377,979,152 | ---- | M] () -- C:\Users\David\Desktop\backup.reg
[2010/08/22 23:33:00 | 000,093,056 | ---- | M] (GMER) -- C:\pflyykoc.sys
[2010/08/21 02:26:47 | 000,000,112 | ---- | M] () -- C:\ProgramData\rORs6m1KO.dat
[2010/08/20 23:58:17 | 000,721,296 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/20 23:58:17 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/20 23:58:17 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/20 23:54:54 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\utm2mjmy.sys
[2010/08/20 23:33:58 | 073,765,816 | ---- | M] ( ) -- C:\setup_9.0.0.722_20.08.2010_21-52.exe
[2010/08/20 22:25:40 | 000,001,740 | ---- | M] () -- C:\Users\David\Documents\cc_20100820_222537.reg
[2010/08/20 21:20:32 | 000,416,853 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/20 19:28:42 | 000,005,086 | ---- | M] () -- C:\Users\David\Documents\cc_20100820_192839.reg
[2010/08/17 17:09:46 | 000,003,122 | ---- | M] () -- C:\Users\David\AppData\Local\Brigalajoqibuz.dat
[2010/08/15 14:21:17 | 000,000,403 | ---- | M] () -- C:\Windows\dellstat.ini
[2010/08/13 09:58:18 | 000,414,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/09 16:26:07 | 000,034,304 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/08/25 18:15:41 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/25 18:13:28 | 377,979,152 | ---- | C] () -- C:\Users\David\Desktop\backup.reg
[2010/08/24 22:23:36 | 3478,310,912 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/22 23:31:18 | 457,710,156 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/22 04:10:01 | 000,001,024 | -H-- | C] () -- C:\Users\David\ntuser.dat.LOG
[2010/08/21 02:26:47 | 000,000,112 | ---- | C] () -- C:\ProgramData\rORs6m1KO.dat
[2010/08/20 23:54:50 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\utm2mjmy.sys
[2010/08/20 22:25:39 | 000,001,740 | ---- | C] () -- C:\Users\David\Documents\cc_20100820_222537.reg
[2010/08/20 19:28:40 | 000,005,086 | ---- | C] () -- C:\Users\David\Documents\cc_20100820_192839.reg
[2010/07/01 20:55:47 | 000,003,122 | ---- | C] () -- C:\Users\David\AppData\Local\Brigalajoqibuz.dat
[2010/07/01 20:55:47 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\Spituj.bin
[2009/11/24 23:28:44 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2009/11/24 23:23:51 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009/11/24 23:16:45 | 000,122,880 | ---- | C] () -- C:\Windows\System32\cddvdint.dll
[2009/11/24 23:12:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/11/24 23:12:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/11/24 23:12:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/11/24 23:12:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/11/24 23:12:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/11/24 23:12:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/08/30 20:32:17 | 000,001,330 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2009/08/18 13:29:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/18 13:10:37 | 000,000,403 | ---- | C] () -- C:\Windows\dellstat.ini
[2009/05/18 13:09:25 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbautil.dll
[2009/05/18 13:09:25 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBAinst.dll
[2009/05/18 13:09:24 | 000,479,232 | ---- | C] () -- C:\Windows\System32\dlbajswr.dll
[2009/05/18 13:09:24 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbainsb.dll
[2009/05/18 13:09:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\dlbains.dll
[2009/05/18 13:09:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbacur.dll
[2009/05/18 13:09:24 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbainsr.dll
[2009/05/18 13:09:24 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbacu.dll
[2009/05/18 13:06:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/05/18 13:06:45 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2009/05/18 13:06:03 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbacnv4.dll
[2009/05/18 13:06:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbavs.dll
[2009/05/18 13:06:01 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbacoin.dll
[2009/05/18 12:54:40 | 000,040,960 | ---- | C] () -- C:\Windows\System32\WMPCI54G.dll
[2009/05/18 12:54:26 | 000,000,493 | ---- | C] () -- C:\Windows\System32\wlan.ini
[2009/05/15 17:27:37 | 000,034,304 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/05 15:45:45 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/05/05 15:45:45 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/05/05 15:45:45 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/05/05 15:45:45 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/05/05 13:06:57 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/05/05 13:06:57 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/05/05 13:06:57 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/05/05 13:06:57 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/05/05 13:06:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/05/05 13:06:57 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/05/05 13:06:56 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/05/05 13:06:56 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/05/05 13:06:56 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/05/05 13:06:56 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/05/05 13:06:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/05/05 13:06:56 | 000,115,712 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/05/05 13:06:56 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/05/05 13:06:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll
[2009/05/05 13:06:56 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/05/05 13:06:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll
[2009/05/05 13:06:55 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/05/05 13:06:55 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/05/05 13:06:55 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/05/05 13:06:55 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/05 13:06:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/05/05 13:06:53 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/05/05 13:06:52 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/03/07 20:40:53 | 000,001,024 | ---- | M] () -- C:\ (1).rnd
[2009/05/12 20:21:43 | 000,001,024 | ---- | M] () -- C:\.rnd
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2002/09/03 09:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2006/07/13 20:28:38 | 000,000,000 | ---- | M] () -- C:\debug1.txt
[2003/03/04 20:36:02 | 000,004,161 | RH-- | M] () -- C:\DELL (1).SDR
[2009/05/05 15:45:54 | 000,003,766 | RH-- | M] () -- C:\dell.sdr
[2003/06/22 21:32:04 | 000,004,790 | -H-- | M] () -- C:\ffastun.ffa
[2003/06/22 21:32:03 | 000,253,952 | -H-- | M] () -- C:\ffastun.ffl
[2003/06/22 21:32:04 | 000,577,536 | -H-- | M] () -- C:\ffastun.ffo
[2003/06/22 21:32:03 | 000,557,056 | -H-- | M] () -- C:\ffastun0.ffx
[2006/07/13 20:28:38 | 000,000,008 | ---- | M] () -- C:\GetFlashID.txt
[2010/08/31 00:14:45 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2003/03/04 21:02:12 | 000,000,332 | -H-- | M] () -- C:\IPH.PH
[2009/05/25 05:10:27 | 000,000,000 | ---- | M] () -- C:\LogMeIn-0784-20090525-051027.dmp
[2009/06/28 23:15:44 | 004,300,291 | ---- | M] () -- C:\LogMeIn-0784-20090628-231544.dmp
[2009/07/10 23:48:05 | 004,300,255 | ---- | M] () -- C:\LogMeIn-0784-20090710-234805.dmp
[2009/07/28 00:36:17 | 004,305,455 | ---- | M] () -- C:\LogMeIn-0784-20090728-003617.dmp
[2009/12/03 00:53:25 | 002,801,932 | ---- | M] () -- C:\LogMeIn-0982-20091202-235324.dmp
[2009/12/10 10:37:14 | 001,477,580 | ---- | M] () -- C:\LogMeIn-0982-20091210-093714.dmp
[2010/04/14 09:02:54 | 002,798,524 | ---- | M] () -- C:\LogMeIn-0982-20100414-090253.dmp
[2010/06/12 23:37:46 | 000,000,000 | ---- | M] () -- C:\LogMeIn-1310-20100612-233746.dmp
[2010/06/19 23:01:53 | 002,805,812 | ---- | M] () -- C:\LogMeIn-1310-20100619-230153.dmp
[2010/08/31 00:14:44 | 3791,929,344 | -HS- | M] () -- C:\pagefile.sys
[2010/08/22 23:33:00 | 000,093,056 | ---- | M] (GMER) -- C:\pflyykoc.sys
[2010/08/20 23:33:58 | 073,765,816 | ---- | M] ( ) -- C:\setup_9.0.0.722_20.08.2010_21-52.exe
[2010/08/25 18:15:52 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/08/20 18:07:04 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.in

#4 mapex


Posted 31 August 2010 - 12:52 AM

One other thing to note: the first time I tried to run OTL the computer gave a BSOD and restarted; after the reboot I was able to run OTL fine. Whatever it is also seemed to be trying to keep me from posting to the forum; every time I hit the "add reply" button, the browser would state that the connection had been reset. I was able to post the file by transferring it to a Linux machine to avoid any additional infection.

Edited by mapex, 31 August 2010 - 12:54 AM.


#5 mpascal


Posted 31 August 2010 - 10:12 AM

Hi there,

The forum posting problem is because of the rootkit you have, so we'll get rid of that now.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.



#6 mapex


Posted 31 August 2010 - 08:56 PM

ComboFix 10-08-31.01 - David 08/31/2010 20:24:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3316.1971 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\users\David\AppData\Local\{E6655746-20E7-4A9A-8DEE-1E60EC0427B5}
c:\users\David\AppData\Local\{E6655746-20E7-4A9A-8DEE-1E60EC0427B5}\chrome.manifest
c:\users\David\AppData\Local\{E6655746-20E7-4A9A-8DEE-1E60EC0427B5}\chrome\content\_cfg.js
c:\users\David\AppData\Local\{E6655746-20E7-4A9A-8DEE-1E60EC0427B5}\chrome\content\overlay.xul
c:\users\David\AppData\Local\{E6655746-20E7-4A9A-8DEE-1E60EC0427B5}\install.rdf
c:\windows\system32\%appdata%
D:\AUTORUN.INF

.
((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.

2010-09-01 01:36 . 2010-09-01 01:40 -------- d-----w- c:\users\David\AppData\Local\temp
2010-09-01 01:36 . 2010-09-01 01:36 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2010-08-31 05:34 . 2010-08-31 05:34 -------- d-----w- c:\users\JoElen\AppData\Local\Mozilla
2010-08-21 05:04 . 2010-08-21 05:04 -------- d-----w- c:\users\David\AppData\Local\Threat Expert
2010-08-21 04:54 . 2010-08-21 04:54 7168 ----a-w- c:\windows\system32\drivers\utm2mjmy.sys
2010-08-21 04:42 . 2009-10-10 04:31 311312 ----a-w- c:\windows\system32\drivers\4216302.sys
2010-08-21 04:42 . 2009-09-25 22:59 128016 ----a-w- c:\windows\system32\drivers\42163021.sys
2010-08-21 04:40 . 2010-08-21 04:33 73765816 ----a-w- C:\setup_9.0.0.722_20.08.2010_21-52.exe
2010-08-21 04:38 . 2010-08-21 04:38 -------- d-----w- c:\users\JoElen\AppData\Local\Threat Expert
2010-08-21 04:37 . 2010-08-23 01:40 -------- d-----w- c:\programdata\Kaspersky Lab
2010-08-21 03:35 . 2010-08-21 03:35 -------- d-----w- c:\users\David\AppData\Roaming\SUPERAntiSpyware.com
2010-08-21 03:30 . 2010-08-21 03:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-21 03:28 . 2010-08-21 03:28 -------- d-----w- c:\program files\Trend Micro
2010-08-21 02:17 . 2010-08-21 03:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-21 00:33 . 2010-08-21 00:33 -------- d-sh--w- c:\users\David\AppData\Roaming\Earthlink
2010-08-21 00:28 . 2010-08-21 00:28 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2010-08-21 00:11 . 2010-08-21 00:11 -------- d-----w- c:\program files\CCleaner
2010-08-21 00:08 . 2010-08-21 00:08 -------- d-sh--w- c:\users\JoElen\AppData\Roaming\Earthlink
2010-08-20 22:57 . 2010-08-20 23:03 680 ----a-w- c:\users\JoElen\AppData\Local\d3d9caps.dat
2010-08-18 00:50 . 2010-08-18 00:50 -------- d-----w- c:\users\JoElen\AppData\Roaming\Malwarebytes
2010-08-18 00:50 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 00:50 . 2010-08-18 00:50 -------- d-----w- c:\programdata\Malwarebytes
2010-08-18 00:49 . 2010-08-23 02:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-18 00:49 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 22:19 . 2010-08-17 22:19 -------- d-----w- c:\users\David\AppData\Roaming\com.titleist.gbf.pga.7CDAE941C65273973F33EE01488E285A2B576605.1
2010-08-17 22:19 . 2010-08-17 22:19 -------- d-----w- c:\program files\Titleist Golf Ball Fitting
2010-08-12 13:13 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 05:00 . 2009-05-13 01:21 -------- d-----w- c:\program files\LogMeIn
2010-08-25 23:40 . 2010-08-25 23:15 -------- d-----w- c:\programdata\Update
2010-08-23 04:33 . 2010-08-23 04:33 93056 ----a-w- C:\pflyykoc.sys
2010-08-22 14:09 . 2009-05-18 18:06 -------- d-----w- c:\program files\Dell PC Fax
2010-08-22 14:04 . 2009-05-14 18:17 -------- d-----w- c:\program files\quicktime
2010-08-21 07:26 . 2010-08-21 07:26 112 ----a-w- c:\programdata\rORs6m1KO.dat
2010-08-21 07:23 . 2010-07-25 18:25 -------- d-----w- c:\program files\iTunes
2010-08-21 07:23 . 2009-05-18 18:09 -------- d-----w- c:\program files\Dell AIO Printer A940
2010-08-21 03:35 . 2010-08-21 03:35 63488 ----a-w- c:\users\David\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-21 03:35 . 2010-08-21 03:35 52224 ----a-w- c:\users\David\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-21 03:35 . 2010-08-21 03:35 117760 ----a-w- c:\users\David\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-21 03:28 . 2010-08-21 03:28 388096 ----a-r- c:\users\JoElen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-21 02:19 . 2009-05-14 18:17 -------- d-----w- c:\program files\spybot - search & destroy
2010-08-17 22:17 . 2009-05-05 18:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-17 22:09 . 2010-07-02 01:55 3122 ----a-w- c:\users\David\AppData\Local\Brigalajoqibuz.dat
2010-08-17 00:36 . 2010-06-25 05:14 -------- d-----w- c:\program files\McAfee
2010-08-13 14:40 . 2009-05-05 18:04 -------- d-----w- c:\program files\Microsoft Works
2010-08-13 14:38 . 2010-01-01 21:12 -------- d-----w- c:\programdata\Microsoft Help
2010-08-13 14:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-28 02:04 . 2010-01-02 04:39 -------- d-----w- c:\users\JoElen\AppData\Roaming\Clip Art Collection
2010-07-25 20:47 . 2010-04-18 20:09 -------- d-----w- c:\users\JoElen\AppData\Roaming\Apple Computer
2010-07-25 20:45 . 2009-12-30 17:19 -------- d-----w- c:\users\David\AppData\Roaming\Apple Computer
2010-07-25 18:26 . 2010-07-25 18:26 -------- d-----w- c:\program files\iPod
2010-07-25 18:25 . 2009-12-30 17:14 -------- d-----w- c:\program files\Common Files\Apple
2010-07-25 18:25 . 2009-12-30 17:16 -------- d-----w- c:\programdata\Apple Computer
2010-07-25 18:20 . 2010-07-25 18:20 -------- d-----w- c:\program files\Bonjour
2010-07-25 18:17 . 2010-07-25 18:17 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-10 02:34 . 2009-12-13 18:33 -------- d-----w- c:\users\David\AppData\Roaming\Clip Art Collection
2010-07-09 21:51 . 2010-07-09 21:51 -------- d-----w- c:\users\Ryan\AppData\Roaming\Yahoo!
2010-07-09 21:50 . 2010-07-09 21:50 -------- d-----w- c:\users\Ryan\AppData\Roaming\Apple Computer
2010-07-09 21:50 . 2009-05-13 02:02 117512 ----a-w- c:\users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-09 21:45 . 2010-07-02 01:55 0 ----a-w- c:\users\David\AppData\Local\Spituj.bin
2010-07-08 00:53 . 2009-05-23 14:35 3284 ----a-w- c:\users\JoElen\AppData\Roaming\wklnhst.dat
2010-06-26 06:05 . 2010-08-12 13:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 13:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-12 13:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-12 13:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-18 17:31 . 2010-08-12 13:12 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 13:12 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 13:12 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-12 13:12 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-12 13:12 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-12 13:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 20:42 . 2009-05-13 01:21 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 20:42 . 2009-05-13 01:22 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-09 20:42 . 2009-05-13 01:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-08 17:35 . 2010-08-12 13:12 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 13:12 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-03 02:19 . 2010-06-03 02:19 10134 ----a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}\ARPPRODUCTICON.exe
2010-04-27 22:16 . 2010-08-26 03:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2009-05-05 20:26 . 2009-05-05 20:23 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Dell AIO Printer A940\dlbamon .exe
c:\program files\Dell PC Fax\fm3032 .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\quicktime\QTTask .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [N/A]

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\users\JoElen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2008-11-03 14:54 1745648 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 12:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d9,c4,74,e1,ed,21,ca,01

R0 42163022;42163022 Boot Guard Driver;c:\windows\system32\DRIVERS\42163022.sys [x]
R0 rwkkg;rwkkg;c:\windows\System32\drivers\ranchvug.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
R3 utm2mjmy;AVZ Kernel Driver;c:\windows\system32\Drivers\utm2mjmy.sys [2010-08-21 7168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\Drivers\XLoader.sys [2004-09-04 13184]
S1 42163021;42163021;c:\windows\system32\DRIVERS\42163021.sys [2009-09-25 128016]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe [2007-03-05 538096]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-02-23 632048]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-27 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-27 312616]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-31 c:\windows\Tasks\User_Feed_Synchronization-{3F5D6C48-F742-41F9-9309-2770C0A97CB0}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]

2010-09-01 c:\windows\Tasks\User_Feed_Synchronization-{55DA8026-62CE-4E82-B28F-89333ADDF3C8}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.dellnet.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
Trusted Zone: sbcglobal.net
Trusted Zone: turbotax.com
Trusted Zone: yahoo.com
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\n8ycsuei.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {3DA5B818-3102-48AE-B57E-8E4D5529150F} - c:\windows\system32\config\systemprofile\AppData\Local\{3DA5B818-3102-48AE-B57E-8E4D5529150F}\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{346DE098-61F9-4B42-89DA-6DFBA7091BB6} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 20:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86748ACE]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82be2d24
\Driver\ACPI -> acpi.sys @ 0x8069cd68
\Driver\atapi -> ataport.SYS @ 0x807b2a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(848)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-08-31 20:47:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-01 01:47

Pre-Run: 234,678,013,952 bytes free
Post-Run: 234,612,633,600 bytes free

- - End Of File - - 0FCCE2376A4F19FD56CF49A5BA19A770


#7 mpascal

Posted 31 August 2010 - 09:32 PM

Hi there,

Close any open browsers, and close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
File::
c:\windows\system32\drivers\4216302.sys
c:\windows\system32\drivers\42163021.sys
C:\pflyykoc.sys
c:\users\David\AppData\Local\Brigalajoqibuz.dat
c:\users\David\AppData\Local\Spituj.bin
c:\windows\System32\drivers\ranchvug.sys

RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Dell AIO Printer A940\dlbamon .exe
c:\program files\Dell PC Fax\fm3032 .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\quicktime\QTTask .exe

Driver::
42163022
rwkkg
42163021

  • Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.


#8 mapex

Posted 31 August 2010 - 10:14 PM

ComboFix 10-08-31.01 - David 08/31/2010 21:45:43.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3316.2305 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
Command switches used :: c:\downloads\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"C:\pflyykoc.sys"
"c:\users\David\AppData\Local\Brigalajoqibuz.dat"
"c:\users\David\AppData\Local\Spituj.bin"
"c:\windows\system32\drivers\4216302.sys"
"c:\windows\system32\drivers\42163021.sys"
"c:\windows\System32\drivers\ranchvug.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\pflyykoc.sys
c:\users\David\AppData\Local\Brigalajoqibuz.dat
c:\users\David\AppData\Local\Spituj.bin
c:\windows\system32\drivers\4216302.sys
c:\windows\system32\drivers\42163021.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_42163021
-------\Legacy_42163022
-------\Service_42163021
-------\Service_42163022
-------\Service_rwkkg


((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.

2010-09-01 02:56 . 2010-09-01 03:00 -------- d-----w- c:\users\David\AppData\Local\temp
2010-09-01 02:56 . 2010-09-01 02:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-09-01 02:56 . 2010-09-01 02:56 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2010-09-01 02:56 . 2010-09-01 02:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-01 02:56 . 2010-09-01 02:56 -------- d-----w- c:\users\Owner\AppData\Local\temp
2010-09-01 02:56 . 2010-09-01 02:56 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-09-01 02:56 . 2010-09-01 02:56 -------- d-----w- c:\users\JoElen\AppData\Local\temp
2010-09-01 02:56 . 2010-09-01 02:56 -------- d-----w- c:\users\Jen\AppData\Local\temp
2010-09-01 02:56 . 2010-09-01 02:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-31 05:34 . 2010-08-31 05:34 -------- d-----w- c:\users\JoElen\AppData\Local\Mozilla
2010-08-21 05:04 . 2010-08-21 05:04 -------- d-----w- c:\users\David\AppData\Local\Threat Expert
2010-08-21 04:54 . 2010-08-21 04:54 7168 ----a-w- c:\windows\system32\drivers\utm2mjmy.sys
2010-08-21 04:40 . 2010-08-21 04:33 73765816 ----a-w- C:\setup_9.0.0.722_20.08.2010_21-52.exe
2010-08-21 04:38 . 2010-08-21 04:38 -------- d-----w- c:\users\JoElen\AppData\Local\Threat Expert
2010-08-21 04:37 . 2010-08-23 01:40 -------- d-----w- c:\programdata\Kaspersky Lab
2010-08-21 03:35 . 2010-08-21 03:35 -------- d-----w- c:\users\David\AppData\Roaming\SUPERAntiSpyware.com
2010-08-21 03:30 . 2010-08-21 03:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-21 03:28 . 2010-08-21 03:28 -------- d-----w- c:\program files\Trend Micro
2010-08-21 02:17 . 2010-08-21 03:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-21 00:33 . 2010-08-21 00:33 -------- d-sh--w- c:\users\David\AppData\Roaming\Earthlink
2010-08-21 00:28 . 2010-08-21 00:28 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes
2010-08-21 00:11 . 2010-08-21 00:11 -------- d-----w- c:\program files\CCleaner
2010-08-21 00:08 . 2010-08-21 00:08 -------- d-sh--w- c:\users\JoElen\AppData\Roaming\Earthlink
2010-08-20 22:57 . 2010-08-20 23:03 680 ----a-w- c:\users\JoElen\AppData\Local\d3d9caps.dat
2010-08-18 00:50 . 2010-08-18 00:50 -------- d-----w- c:\users\JoElen\AppData\Roaming\Malwarebytes
2010-08-18 00:50 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 00:50 . 2010-08-18 00:50 -------- d-----w- c:\programdata\Malwarebytes
2010-08-18 00:49 . 2010-09-01 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-18 00:49 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 22:19 . 2010-08-17 22:19 -------- d-----w- c:\users\David\AppData\Roaming\com.titleist.gbf.pga.7CDAE941C65273973F33EE01488E285A2B576605.1
2010-08-17 22:19 . 2010-08-17 22:19 -------- d-----w- c:\program files\Titleist Golf Ball Fitting
2010-08-12 13:13 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 02:45 . 2009-05-14 18:17 -------- d-----w- c:\program files\quicktime
2010-09-01 02:45 . 2010-07-25 18:25 -------- d-----w- c:\program files\iTunes
2010-09-01 02:45 . 2009-05-18 18:09 -------- d-----w- c:\program files\Dell AIO Printer A940
2010-09-01 02:45 . 2009-05-18 18:06 -------- d-----w- c:\program files\Dell PC Fax
2010-08-31 05:00 . 2009-05-13 01:21 -------- d-----w- c:\program files\LogMeIn
2010-08-25 23:40 . 2010-08-25 23:15 -------- d-----w- c:\programdata\Update
2010-08-21 07:26 . 2010-08-21 07:26 112 ----a-w- c:\programdata\rORs6m1KO.dat
2010-08-21 03:35 . 2010-08-21 03:35 63488 ----a-w- c:\users\David\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-21 03:35 . 2010-08-21 03:35 52224 ----a-w- c:\users\David\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-21 03:35 . 2010-08-21 03:35 117760 ----a-w- c:\users\David\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-21 03:28 . 2010-08-21 03:28 388096 ----a-r- c:\users\JoElen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-21 02:19 . 2009-05-14 18:17 -------- d-----w- c:\program files\spybot - search & destroy
2010-08-17 22:17 . 2009-05-05 18:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-17 00:36 . 2010-06-25 05:14 -------- d-----w- c:\program files\McAfee
2010-08-13 14:40 . 2009-05-05 18:04 -------- d-----w- c:\program files\Microsoft Works
2010-08-13 14:38 . 2010-01-01 21:12 -------- d-----w- c:\programdata\Microsoft Help
2010-08-13 14:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-28 02:04 . 2010-01-02 04:39 -------- d-----w- c:\users\JoElen\AppData\Roaming\Clip Art Collection
2010-07-25 20:47 . 2010-04-18 20:09 -------- d-----w- c:\users\JoElen\AppData\Roaming\Apple Computer
2010-07-25 20:45 . 2009-12-30 17:19 -------- d-----w- c:\users\David\AppData\Roaming\Apple Computer
2010-07-25 18:26 . 2010-07-25 18:26 -------- d-----w- c:\program files\iPod
2010-07-25 18:25 . 2009-12-30 17:14 -------- d-----w- c:\program files\Common Files\Apple
2010-07-25 18:25 . 2009-12-30 17:16 -------- d-----w- c:\programdata\Apple Computer
2010-07-25 18:20 . 2010-07-25 18:20 -------- d-----w- c:\program files\Bonjour
2010-07-25 18:17 . 2010-07-25 18:17 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-10 02:34 . 2009-12-13 18:33 -------- d-----w- c:\users\David\AppData\Roaming\Clip Art Collection
2010-07-09 21:51 . 2010-07-09 21:51 -------- d-----w- c:\users\Ryan\AppData\Roaming\Yahoo!
2010-07-09 21:50 . 2010-07-09 21:50 -------- d-----w- c:\users\Ryan\AppData\Roaming\Apple Computer
2010-07-09 21:50 . 2009-05-13 02:02 117512 ----a-w- c:\users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-08 00:53 . 2009-05-23 14:35 3284 ----a-w- c:\users\JoElen\AppData\Roaming\wklnhst.dat
2010-06-26 06:05 . 2010-08-12 13:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 13:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-12 13:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-12 13:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-18 17:31 . 2010-08-12 13:12 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 13:12 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 13:12 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-12 13:12 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-12 13:12 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-12 13:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 20:42 . 2009-05-13 01:21 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 20:42 . 2009-05-13 01:22 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-09 20:42 . 2009-05-13 01:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-08 17:35 . 2010-08-12 13:12 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 13:12 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-27 22:16 . 2010-08-26 03:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2009-05-05 20:26 . 2009-05-05 20:23 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]

c:\users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\users\JoElen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2008-11-03 14:54 1745648 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 12:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d9,c4,74,e1,ed,21,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-27 83496]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
R3 utm2mjmy;AVZ Kernel Driver;c:\windows\system32\Drivers\utm2mjmy.sys [2010-08-21 7168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\Drivers\XLoader.sys [2004-09-04 13184]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-27 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-27 160720]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe [2007-03-05 538096]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 141792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\windows\sminst\sftservice.EXE [2009-02-23 632048]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-27 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-27 312616]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-31 c:\windows\Tasks\User_Feed_Synchronization-{3F5D6C48-F742-41F9-9309-2770C0A97CB0}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]

2010-09-01 c:\windows\Tasks\User_Feed_Synchronization-{55DA8026-62CE-4E82-B28F-89333ADDF3C8}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.dellnet.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
Trusted Zone: sbcglobal.net
Trusted Zone: turbotax.com
Trusted Zone: yahoo.com
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\n8ycsuei.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {3DA5B818-3102-48AE-B57E-8E4D5529150F} - c:\windows\system32\config\systemprofile\AppData\Local\{3DA5B818-3102-48AE-B57E-8E4D5529150F}\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 22:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x866A3ACE]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82be2d24
\Driver\ACPI -> acpi.sys @ 0x8069ed68
\Driver\atapi -> ataport.SYS @ 0x807b4a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3872)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\McAfee\Core\mchost.exe
.
**************************************************************************
.
Completion time: 2010-08-31 22:06:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-01 03:06
ComboFix2.txt 2010-09-01 01:47

Pre-Run: 234,659,844,096 bytes free
Post-Run: 234,348,945,408 bytes free

- - End Of File - - C64805581A3069D7B3F609DDC5ECC48F


#9 mpascal

Posted 31 August 2010 - 10:24 PM

Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished, it should reboot your machine. If not, do this yourself to ensure a complete clean.

STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log



#10 mapex

Posted 01 September 2010 - 06:48 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4518

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

8/31/2010 10:48:23 PM
mbam-log-2010-08-31 (22-48-23).txt

Scan type: Quick scan
Objects scanned: 187307
Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 1, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 01, 2010 03:50:33
Records in database: 4172691
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 156074
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:02:26


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\google_search.xml.vir Infected: Trojan.Win32.Clicker.hd 1

Selected area has been scanned.


#11 mapex

Posted 01 September 2010 - 07:16 AM

Another thing to note: I was unable to run the Kaspersky scan under the infected profile as I was still receiving the block shown in the first post, so it was run under a different profile with admin privileges.

#12 mpascal

Posted 01 September 2010 - 10:59 AM

Hi there,

Open up OTL and push the Quickscan button. Post the resulting log here.



#13 mapex

Posted 01 September 2010 - 06:16 PM

OTL logfile created on: 9/1/2010 6:13:17 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 218.11 Gb Free Space | 76.96% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.71 Gb Free Space | 59.45% Space Free | Partition Type: NTFS
Drive E: | 23.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: INSPIRON530
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\Core\mchost.exe (McAfee, Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\sminst\SftService.exe (SoftThinks)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\spybot - search & destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\dlbacoms.exe ( )
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Windows\sminst\sftservice.EXE (SoftThinks)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\spybot - search & destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (dlba_device) -- C:\Windows\System32\dlbacoms.exe ( )
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (utm2mjmy) -- C:\Windows\System32\drivers\utm2mjmy.sys ()
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (XLoader) PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys) -- C:\Windows\System32\drivers\XLoader.sys (Plextor Corp.)
DRV - (WISTechVIDCAP) -- C:\Windows\System32\drivers\Xstream.sys (Plextor Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {E6655746-20E7-4A9A-8DEE-1E60EC0427B5}:1.9.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/25 13:55:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3DA5B818-3102-48AE-B57E-8E4D5529150F}: C:\Windows\system32\config\systemprofile\AppData\Local\{3DA5B818-3102-48AE-B57E-8E4D5529150F}\ [2010/08/25 18:17:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/25 22:25:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/31 22:55:57 | 000,000,000 | ---D | M]

[2010/08/25 17:42:24 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2010/04/04 14:15:01 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/08/25 18:05:20 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\n8ycsuei.default\extensions
[2010/08/25 18:05:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\n8ycsuei.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/31 22:56:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/31 22:56:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/08/31 22:55:50 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/31 00:34:38 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2010/08/31 21:59:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100825222520.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5334504D-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/mpg4sax.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.220.220 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/31 22:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/31 22:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/31 22:11:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/31 22:11:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\temp
[2010/08/31 22:05:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/31 21:38:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/31 20:20:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/31 20:20:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/31 20:20:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/31 20:20:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/31 20:19:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/25 18:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/25 17:42:19 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Mozilla
[2010/08/25 17:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/22 22:47:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/21 14:12:38 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Virus Removal Tool1
[2010/08/21 00:04:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Threat Expert
[2010/08/20 23:42:11 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Virus Removal Tool
[2010/08/20 23:40:38 | 073,765,816 | ---- | C] ( ) -- C:\setup_9.0.0.722_20.08.2010_21-52.exe
[2010/08/20 23:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/08/20 22:35:24 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/20 22:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/20 22:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/20 21:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/20 19:33:21 | 000,000,000 | -HSD | C] -- C:\Users\David\AppData\Roaming\Earthlink
[2010/08/20 19:28:59 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes
[2010/08/20 19:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/17 19:50:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/17 19:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/17 19:49:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/17 19:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/17 19:23:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/17 17:19:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\com.titleist.gbf.pga.7CDAE941C65273973F33EE01488E285A2B576605.1
[2010/08/17 17:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Titleist Golf Ball Fitting
[2010/07/25 13:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/25 13:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/25 13:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/01 20:53:06 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\gwlejuoim
[2010/06/25 00:15:01 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010/06/25 00:14:36 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010/06/25 00:14:36 | 000,160,720 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010/06/25 00:14:36 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010/06/25 00:14:36 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010/06/25 00:14:36 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/06/25 00:14:35 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/06/25 00:14:35 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010/06/25 00:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/06/25 00:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/06/25 00:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/05/18 13:09:25 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbaserv.dll
[2009/05/18 13:09:25 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbausb1.dll
[2009/05/18 13:09:25 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbainpa.dll
[2009/05/18 13:09:25 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbaiesc.dll
[2009/05/18 13:09:25 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLBAhcp.dll
[2009/05/18 13:09:25 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbaprox.dll
[2009/05/18 13:09:24 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbahbn3.dll
[2009/05/18 13:09:24 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbacomc.dll
[2009/05/18 13:09:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbapmui.dll
[2009/05/18 13:09:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbalmpm.dll
[2009/05/18 13:09:24 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbacomm.dll
[2009/05/18 13:09:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbapplc.dll

========== Files - Modified Within 90 Days ==========

[2010/09/01 18:14:08 | 007,077,888 | -HS- | M] () -- C:\Users\David\NTUSER.DAT
[2010/09/01 18:14:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{55DA8026-62CE-4E82-B28F-89333ADDF3C8}.job
[2010/09/01 18:12:34 | 000,707,392 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/01 18:12:34 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/01 18:12:34 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/01 18:07:00 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/01 18:07:00 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/01 18:06:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/01 18:06:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/01 18:06:41 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/01 00:17:04 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3F5D6C48-F742-41F9-9309-2770C0A97CB0}.job
[2010/08/31 22:50:54 | 000,524,288 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/08/31 22:50:54 | 000,065,536 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/31 22:50:52 | 003,536,527 | -H-- | M] () -- C:\Users\David\AppData\Local\IconCache.db
[2010/08/31 22:00:22 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/31 21:59:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/31 00:14:39 | 457,710,156 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/25 18:15:52 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/25 18:14:21 | 377,979,152 | ---- | M] () -- C:\Users\David\Desktop\backup.reg
[2010/08/21 02:26:47 | 000,000,112 | ---- | M] () -- C:\ProgramData\rORs6m1KO.dat
[2010/08/20 23:54:54 | 000,007,168 | ---- | M] () -- C:\Windows\System32\drivers\utm2mjmy.sys
[2010/08/20 23:33:58 | 073,765,816 | ---- | M] ( ) -- C:\setup_9.0.0.722_20.08.2010_21-52.exe
[2010/08/20 22:25:40 | 000,001,740 | ---- | M] () -- C:\Users\David\Documents\cc_20100820_222537.reg
[2010/08/20 19:28:42 | 000,005,086 | ---- | M] () -- C:\Users\David\Documents\cc_20100820_192839.reg
[2010/08/15 14:21:17 | 000,000,403 | ---- | M] () -- C:\Windows\dellstat.ini
[2010/08/13 09:58:18 | 000,414,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/09 16:26:07 | 000,034,304 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/09 21:49:56 | 000,099,328 | ---- | M] () -- C:\Users\David\Documents\Menu.ppt
[2010/07/07 21:32:14 | 000,099,328 | ---- | M] () -- C:\Users\David\Documents\Splish_Splash.ppt
[2010/07/05 16:58:58 | 000,108,032 | ---- | M] () -- C:\Users\David\Documents\Nursery Rhyme Rhetoric_Answers.doc
[2010/07/05 16:29:17 | 000,107,520 | ---- | M] () -- C:\Users\David\Documents\Nursery Rhyme Rhetoric.doc
[2010/07/05 15:31:15 | 000,020,480 | ---- | M] () -- C:\Users\David\Documents\Candy_Answers.xls
[2010/07/05 15:14:33 | 000,019,968 | ---- | M] () -- C:\Users\David\Documents\Candy.xls
[2010/06/19 23:01:53 | 002,805,812 | ---- | M] () -- C:\LogMeIn-1310-20100619-230153.dmp
[2010/06/15 20:34:58 | 000,041,437 | ---- | M] () -- C:\Users\David\Documents\Katy_Trail.pdf
[2010/06/15 20:12:37 | 000,017,408 | ---- | M] () -- C:\Users\David\Documents\Katy.xls
[2010/06/12 23:37:46 | 000,000,000 | ---- | M] () -- C:\LogMeIn-1310-20100612-233746.dmp
[2010/06/09 15:42:30 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2010/06/09 15:42:28 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2010/06/09 15:42:27 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2010/06/07 22:04:38 | 000,524,288 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

========== Files Created - No Company Name ==========

[2010/08/31 20:20:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/31 20:20:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/31 20:20:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/31 20:20:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/31 20:20:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/25 18:15:41 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/25 18:13:28 | 377,979,152 | ---- | C] () -- C:\Users\David\Desktop\backup.reg
[2010/08/24 22:23:36 | 3478,310,912 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/22 23:31:18 | 457,710,156 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/22 04:10:01 | 000,001,024 | -H-- | C] () -- C:\Users\David\ntuser.dat.LOG
[2010/08/21 02:26:47 | 000,000,112 | ---- | C] () -- C:\ProgramData\rORs6m1KO.dat
[2010/08/20 23:54:50 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\utm2mjmy.sys
[2010/08/20 22:25:39 | 000,001,740 | ---- | C] () -- C:\Users\David\Documents\cc_20100820_222537.reg
[2010/08/20 19:28:40 | 000,005,086 | ---- | C] () -- C:\Users\David\Documents\cc_20100820_192839.reg
[2010/07/09 21:41:56 | 000,099,328 | ---- | C] () -- C:\Users\David\Documents\Menu.ppt
[2010/07/07 21:31:33 | 000,099,328 | ---- | C] () -- C:\Users\David\Documents\Splish_Splash.ppt
[2010/07/05 16:51:37 | 000,108,032 | ---- | C] () -- C:\Users\David\Documents\Nursery Rhyme Rhetoric_Answers.doc
[2010/07/05 16:10:55 | 000,107,520 | ---- | C] () -- C:\Users\David\Documents\Nursery Rhyme Rhetoric.doc
[2010/07/05 15:23:48 | 000,020,480 | ---- | C] () -- C:\Users\David\Documents\Candy_Answers.xls
[2010/07/05 14:55:01 | 000,019,968 | ---- | C] () -- C:\Users\David\Documents\Candy.xls
[2010/06/19 23:01:53 | 002,805,812 | ---- | C] () -- C:\LogMeIn-1310-20100619-230153.dmp
[2010/06/15 20:34:58 | 000,041,437 | ---- | C] () -- C:\Users\David\Documents\Katy_Trail.pdf
[2010/06/15 20:12:37 | 000,017,408 | ---- | C] () -- C:\Users\David\Documents\Katy.xls
[2010/06/12 23:37:46 | 000,000,000 | ---- | C] () -- C:\LogMeIn-1310-20100612-233746.dmp
[2009/11/24 23:28:44 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2009/11/24 23:23:51 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009/11/24 23:16:45 | 000,122,880 | ---- | C] () -- C:\Windows\System32\cddvdint.dll
[2009/11/24 23:12:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/11/24 23:12:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/11/24 23:12:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/11/24 23:12:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/11/24 23:12:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/11/24 23:12:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/08/30 20:32:17 | 000,001,330 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2009/08/18 13:29:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/18 13:10:37 | 000,000,403 | ---- | C] () -- C:\Windows\dellstat.ini
[2009/05/18 13:09:25 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbautil.dll
[2009/05/18 13:09:25 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLBAinst.dll
[2009/05/18 13:09:24 | 000,479,232 | ---- | C] () -- C:\Windows\System32\dlbajswr.dll
[2009/05/18 13:09:24 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlbainsb.dll
[2009/05/18 13:09:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\dlbains.dll
[2009/05/18 13:09:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbacur.dll
[2009/05/18 13:09:24 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbainsr.dll
[2009/05/18 13:09:24 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbacu.dll
[2009/05/18 13:06:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/05/18 13:06:45 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2009/05/18 13:06:03 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbacnv4.dll
[2009/05/18 13:06:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbavs.dll
[2009/05/18 13:06:01 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbacoin.dll
[2009/05/18 12:54:40 | 000,040,960 | ---- | C] () -- C:\Windows\System32\WMPCI54G.dll
[2009/05/18 12:54:26 | 000,000,493 | ---- | C] () -- C:\Windows\System32\wlan.ini
[2009/05/15 17:27:37 | 000,034,304 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/05 15:45:45 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/05/05 15:45:45 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/05/05 15:45:45 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/05/05 15:45:45 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/05/05 13:06:57 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/05/05 13:06:57 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/05/05 13:06:57 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/05/05 13:06:57 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/05/05 13:06:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/05/05 13:06:57 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/05/05 13:06:56 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/05/05 13:06:56 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/05/05 13:06:56 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/05/05 13:06:56 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/05/05 13:06:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/05/05 13:06:56 | 000,115,712 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/05/05 13:06:56 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/05/05 13:06:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll
[2009/05/05 13:06:56 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/05/05 13:06:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll
[2009/05/05 13:06:55 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/05/05 13:06:55 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/05/05 13:06:55 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/05/05 13:06:55 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/05 13:06:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/05/05 13:06:53 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/05/05 13:06:52 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/06/02 21:18:04 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Avery
[2010/07/09 21:34:05 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Clip Art Collection
[2010/08/17 17:19:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\com.titleist.gbf.pga.7CDAE941C65273973F33EE01488E285A2B576605.1
[2010/08/20 19:33:21 | 000,000,000 | -HSD | M] -- C:\Users\David\AppData\Roaming\Earthlink
[2009/08/30 20:32:18 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
[2010/04/04 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TomTom
[2009/11/25 20:42:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Ulead Systems
[2010/09/01 06:49:16 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/01 00:17:04 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3F5D6C48-F742-41F9-9309-2770C0A97CB0}.job
[2010/09/01 18:14:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{55DA8026-62CE-4E82-B28F-89333ADDF3C8}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >


#14 mpascal


Posted 01 September 2010 - 08:30 PM

Does this block happen in both IE and Firefox?



#15 mapex


Posted 01 September 2010 - 11:06 PM

Yes, both Firefox and IE result in that page under this profile. Using something like a built-in search engine in either will result in a results page showing up that appears correct, but either clicking a link or manually typing in the URL results in redirecting to hxxp://stopmalwaresite.com/block.php?url=h...w.microsoft.com and the picture shown in the first post.

Edited by mpascal, 03 September 2010 - 08:49 PM.
removed link




