
Google search redirect issues


  • This topic is locked
33 replies to this topic

#1 TeeJ76

TeeJ76

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 11 September 2010 - 04:30 PM

Hi there

I've had the infamous Google redirect virus/malware for a while now (a few weeks) and am only now getting round to trying to get rid of it. I downloaded and ran Malwarebytes' Anti-Malware and it doesn't seem to be able to find anything. I found this forum and followed all the instructions in your preparations guide. I ran the DDS which was fine, no problems there, but when I tried to run GMER to create the log for that it would start scanning fine and then freeze my laptop after a couple of minutes mid scan, so I don't know if there's something else I should be doing to prevent this.

Anyway here is the DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by TeeJ at 21:31:38.62 on 11/09/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2038.306 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spotify\spotify.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Users\TeeJ\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Google Update] "c:\users\teej\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [<NO NAME>]
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
Trusted Zone: o2.co.uk\*.broadband
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-5 214664]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-4 625224]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2004-1-18 4864]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-6 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-6 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-6 40552]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-6 34248]

=============== Created Last 30 ================

2010-09-05 13:44:11 0 d-----w- c:\program files\iPod
2010-09-05 13:43:58 0 d-----w- c:\program files\iTunes
2010-08-25 16:41:58 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-14 05:46:40 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2010-08-14 05:46:40 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2010-08-14 05:46:40 121232 ----a-w- c:\windows\system32\IScrNB.bmp
2010-08-14 05:46:39 0 d-----w- c:\windows\system32\Lang
2010-08-14 02:01:25 1002008 ----a-w- c:\windows\system32\igxpun.exe
2010-08-14 02:01:25 0 d-----w- c:\windows\system32\x64
2010-08-12 21:26:33 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 21:26:05 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 21:24:58 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-12 21:24:58 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-12 21:24:29 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 21:23:57 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 21:23:23 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 21:23:23 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 21:23:23 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-12 21:21:27 224256 ----a-w- c:\windows\system32\schannel.dll

==================== Find3M ====================

2010-07-17 11:20:09 75776 --sha-r- c:\windows\system32\sqmapid.dll
2010-07-17 04:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 14:18:22 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:33:16.16 ===============


Like I say, I tried to run GMER twice but both times it froze my laptop so I've been unable to get the log. I also have HijackThis but I wasn't sure if the log from that would be helpful at this stage. Let me know if you want me to run a new log.

Many thanks in advance for any help you guys can give me.
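As an added example (not code from this thread, from DDS, or from the BleepingComputer helpers), here is a small Python triage helper for the "Pseudo HJT Report" section of a DDS log like the one above. It parses the BHO/TB lines and the uRun/mRun autostart lines into records and flags the entry types a log reader usually checks first: an object registered by CLSID whose DLL is "No File", a Run value with no command, and a Run command that lives outside the Windows and Program Files trees. The flag names, the SYSTEM_ROOTS list and the ".exe" split heuristic for unquoted paths are my assumptions; the sample lines are copied from the log above. A flag means "review", not "malicious": Google Update, for instance, legitimately runs from the user profile.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a handful of lines in the shape of the DDS report above
# (paths and CLSIDs copied from that log; this is not a complete report).
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Google Update] "c:\users\teej\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [<NO NAME>]
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
"""


@dataclass
class Entry:
    kind: str                 # "BHO", "TB", "uRun", "mRun", ...
    name: str                 # display name, or "" when the report shows none
    clsid: Optional[str] = None
    path: Optional[str] = None
    args: str = ""
    flags: List[str] = field(default_factory=list)


# "BHO: <name>: {CLSID} - <path>"; the name part is absent for unnamed objects.
COM_LINE = re.compile(
    r"^(?P<kind>BHO|TB|uURLSearchHooks): (?:(?P<name>.*?): )?"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)
# "uRun: [<name>] <command>"; the command is absent for empty values.
RUN_LINE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]*)\](?: (?P<cmd>.*))?$")

# Assumed "expected" locations for autostart binaries on this 32-bit Windows 7 box.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run value into (path, args). A quoted path is taken verbatim;
    for an unquoted path containing spaces we split after the first '.exe',
    which is a heuristic (assumption), not how the registry stores it."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd.strip('"'), ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    return cmd, ""


def parse_report(text: str) -> List[Entry]:
    """Turn BHO/TB and Run lines into Entry records; other lines are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = COM_LINE.match(line)
        if m:
            entries.append(Entry(kind=m["kind"], name=m["name"] or "",
                                 clsid=m["clsid"].lower(), path=m["path"]))
            continue
        m = RUN_LINE.match(line)
        if m:
            path, args = (None, "")
            if m["cmd"]:
                path, args = split_command(m["cmd"])
            entries.append(Entry(kind=m["kind"], name=m["name"], path=path, args=args))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags in place and return the same list."""
    for e in entries:
        if e.clsid and e.path == "No File":
            e.flags.append("orphaned-clsid")        # registered object, DLL missing
        if e.kind.endswith("Run"):
            if e.path is None:
                e.flags.append("empty-run-value")   # a name with nothing to run
            elif not e.path.lower().startswith(SYSTEM_ROOTS):
                e.flags.append("outside-system-dirs")  # e.g. runs from the user profile
    return entries


def flagged(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each flagged entry (by name, or CLSID when unnamed) to its flags."""
    return {e.name or e.clsid: e.flags for e in entries if e.flags}


if __name__ == "__main__":
    for key, flags in flagged(triage(parse_report(SAMPLE_REPORT))).items():
        print(f"{key}: {', '.join(flags)}")
```

Run it on a real DDS log by passing the text of the "Pseudo HJT Report" section to `parse_report`; the output is a short list of entries worth a second look, which is how a helper narrows a long log before asking for further scans.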


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:32 AM

Posted 16 September 2010 - 06:49 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 TeeJ76

TeeJ76
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 16 September 2010 - 08:11 PM

Hi there Mole

Thanks for the reply! I've now switched to using Google Chrome for the time being as it's less annoying, but I'd still like to get rid of this virus/malware if possible, so I'm ready for instructions!

TeeJ

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:32 AM

Posted 17 September 2010 - 03:15 PM

Please try and run Gmer with just the SECTIONS option checked.


m0le is a proud member of UNITE

#5 TeeJ76

TeeJ76
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 18 September 2010 - 02:57 AM

Hi Mole

Okay, I ran GMER with just the Sections option checked and had two problems. First, when I tried to save the log my laptop blue-screened. I copied this from the Windows problem solution box that came up after it restarted.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 2057

Additional information about the problem:
BCCode: f4
BCP1: 00000003
BCP2: 885E6390
BCP3: 885E64FC
BCP4: 82C45DD0
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\091810-18018-01.dmp
C:\Users\TeeJ\AppData\Local\Temp\WER-70403-0.sysdata.xml

After that I ran GMER and again tried to save the log. The log saved fine, but when I tried to open it, it took ages to do anything and then my laptop froze. I restarted again and got the log open this time; here it is:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-18 08:36:16
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\TeeJ\AppData\Local\Temp\kxldipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82A67148 5 Bytes JMP 8EE997CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A7F599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA3F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 93F42C9D 28 Bytes [84, 6C, 9A, 3D, 71, E0, 65, ...]
.text peauth.sys 93F42CC1 28 Bytes [84, 6C, 9A, 3D, 71, E0, 65, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[432] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 00500098
.text C:\Windows\system32\services.exe[432] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 005000D8
.text C:\Windows\system32\services.exe[432] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 005000B3
.text C:\Windows\system32\services.exe[432] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 0050002C
.text C:\Windows\system32\services.exe[432] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 00500F6F
.text C:\Windows\system32\services.exe[432] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 00500F91
.text C:\Windows\system32\services.exe[432] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 00500073
.text C:\Windows\system32\services.exe[432] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 00500058
.text C:\Windows\system32\services.exe[432] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 00500000
.text C:\Windows\system32\services.exe[432] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 00500F28
.text C:\Windows\system32\services.exe[432] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 00500FC0
.text C:\Windows\system32\services.exe[432] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 00500047
.text C:\Windows\system32\services.exe[432] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 00500FE5
.text C:\Windows\system32\services.exe[432] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 00500F4A
.text C:\Windows\system32\services.exe[432] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 00500011
.text C:\Windows\system32\services.exe[432] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 00500F39
.text C:\Windows\system32\services.exe[432] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 00500F80
.text C:\Windows\system32\services.exe[432] msvcrt.dll!_open 77157E48 5 Bytes JMP 004F000C
.text C:\Windows\system32\services.exe[432] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 004F0FB7
.text C:\Windows\system32\services.exe[432] msvcrt.dll!system 7718B16F 5 Bytes JMP 004F0FC8
.text C:\Windows\system32\services.exe[432] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 004F0FE3
.text C:\Windows\system32\services.exe[432] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 004F0038
.text C:\Windows\system32\services.exe[432] msvcrt.dll!_wopen 77190570 5 Bytes JMP 004F001D
.text C:\Windows\system32\services.exe[432] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 00080FE5
.text C:\Windows\system32\services.exe[432] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 0008002F
.text C:\Windows\system32\services.exe[432] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 00080FA8
.text C:\Windows\system32\services.exe[432] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 0008004A
.text C:\Windows\system32\services.exe[432] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 00080FD4
.text C:\Windows\system32\services.exe[432] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 0008006F
.text C:\Windows\system32\services.exe[432] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 00080014
.text C:\Windows\system32\services.exe[432] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 00080FC3
.text C:\Windows\system32\services.exe[432] WS2_32.dll!socket 76483F00 5 Bytes JMP 00510FEF
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 006300DF
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 00630104
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 00630F6F
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 00630051
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 006300C4
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 00630FC0
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 00630098
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 00630087
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 0063001B
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 00630F5E
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 00630FDB
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 0063006C
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 0063000A
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 00630FA5
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 00630036
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 00630F8A
.text C:\Windows\system32\lsass.exe[468] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 006300B3
.text C:\Windows\system32\lsass.exe[468] msvcrt.dll!_open 77157E48 5 Bytes JMP 00130FEF
.text C:\Windows\system32\lsass.exe[468] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 00130FB9
.text C:\Windows\system32\lsass.exe[468] msvcrt.dll!system 7718B16F 5 Bytes JMP 00130044
.text C:\Windows\system32\lsass.exe[468] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 00130FDE
.text C:\Windows\system32\lsass.exe[468] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 00130033
.text C:\Windows\system32\lsass.exe[468] msvcrt.dll!_wopen 77190570 5 Bytes JMP 0013000C
.text C:\Windows\system32\lsass.exe[468] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 00110000
.text C:\Windows\system32\lsass.exe[468] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 00110040
.text C:\Windows\system32\lsass.exe[468] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 00110F9E
.text C:\Windows\system32\lsass.exe[468] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 00110FB9
.text C:\Windows\system32\lsass.exe[468] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 00110FEF
.text C:\Windows\system32\lsass.exe[468] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 00110051
.text C:\Windows\system32\lsass.exe[468] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 00110025
.text C:\Windows\system32\lsass.exe[468] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 00110FD4
.text C:\Windows\system32\lsass.exe[468] WS2_32.dll!socket 76483F00 5 Bytes JMP 0012000A
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 00950F6F
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 009500C7
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 00950F28
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 0095002C
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 00950098
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 0095007D
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 00950FA5
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 00950FB6
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 0095000A
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 00950F17
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 00950047
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 00950058
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 00950FEF
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 00950F54
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 0095001B
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 00950F43
.text C:\Windows\system32\svchost.exe[616] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 00950F8A
.text C:\Windows\system32\svchost.exe[616] msvcrt.dll!_open 77157E48 5 Bytes JMP 00940FEF
.text C:\Windows\system32\svchost.exe[616] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 00940069
.text C:\Windows\system32\svchost.exe[616] msvcrt.dll!system 7718B16F 5 Bytes JMP 0094004E
.text C:\Windows\system32\svchost.exe[616] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 00940018
.text C:\Windows\system32\svchost.exe[616] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 0094003D
.text C:\Windows\system32\svchost.exe[616] msvcrt.dll!_wopen 77190570 5 Bytes JMP 00940FDE
.text C:\Windows\system32\svchost.exe[616] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 008E0FEF
.text C:\Windows\system32\svchost.exe[616] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 008E0036
.text C:\Windows\system32\svchost.exe[616] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 008E0F94
.text C:\Windows\system32\svchost.exe[616] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 008E0FAF
.text C:\Windows\system32\svchost.exe[616] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 008E0014
.text C:\Windows\system32\svchost.exe[616] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 008E0F79
.text C:\Windows\system32\svchost.exe[616] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 008E0FD4
.text C:\Windows\system32\svchost.exe[616] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 008E0025
.text C:\Windows\system32\svchost.exe[616] WS2_32.dll!socket 76483F00 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 002D0F57
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 002D00C0
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 002D00A5
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 002D0FCA
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 002D008A
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 002D0065
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 002D004A
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 002D0F8D
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 002D0FE5
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 002D00D1
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 002D0FB9
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 002D0F9E
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 002D0000
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 002D0F46
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 002D0011
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 002D0F2B
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 002D0F72
.text C:\Windows\system32\svchost.exe[696] msvcrt.dll!_open 77157E48 5 Bytes JMP 002C0000
.text C:\Windows\system32\svchost.exe[696] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 002C0042
.text C:\Windows\system32\svchost.exe[696] msvcrt.dll!system 7718B16F 5 Bytes JMP 002C0027
.text C:\Windows\system32\svchost.exe[696] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 002C0FC8
.text C:\Windows\system32\svchost.exe[696] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 002C0FB7
.text C:\Windows\system32\svchost.exe[696] msvcrt.dll!_wopen 77190570 5 Bytes JMP 002C0FE3
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 00130000
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 0013003D
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 00130FAC
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 0013004E
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 00130FE5
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 0013005F
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 0013001B
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 0013002C
.text C:\Windows\system32\svchost.exe[696] WS2_32.dll!socket 76483F00 5 Bytes JMP 00140FE5
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 005B006F
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 005B00A2
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 005B0091
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 005B0014
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 005B0F3C
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 005B004A
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 005B0039
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 005B0F7C
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 005B0FD4
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 005B00BD
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 005B0F9E
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 005B0F8D
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 005B0FEF
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 005B0080
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 005B0FB9
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 005B0F21
.text C:\Windows\System32\svchost.exe[760] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 005B0F57
.text C:\Windows\System32\svchost.exe[760] msvcrt.dll!_open 77157E48 5 Bytes JMP 005A0FEF
.text C:\Windows\System32\svchost.exe[760] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 005A0039
.text C:\Windows\System32\svchost.exe[760] msvcrt.dll!system 7718B16F 5 Bytes JMP 005A0014
.text C:\Windows\System32\svchost.exe[760] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 005A0FB5
.text C:\Windows\System32\svchost.exe[760] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 005A0FA4
.text C:\Windows\System32\svchost.exe[760] msvcrt.dll!_wopen 77190570 5 Bytes JMP 005A0FC6
.text C:\Windows\System32\svchost.exe[760] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 00580FEF
.text C:\Windows\System32\svchost.exe[760] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 00580FB9
.text C:\Windows\System32\svchost.exe[760] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 00580040
.text C:\Windows\System32\svchost.exe[760] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 00580FA8
.text C:\Windows\System32\svchost.exe[760] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 00580014
.text C:\Windows\System32\svchost.exe[760] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 0058005B
.text C:\Windows\System32\svchost.exe[760] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 00580025
.text C:\Windows\System32\svchost.exe[760] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 00580FD4
.text C:\Windows\System32\svchost.exe[760] WS2_32.dll!socket 76483F00 5 Bytes JMP 00590000
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 00C800A2
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 00C80F28
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 00C800BD
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 00C80047
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 00C80F6F
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 00C80F9E
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 00C80FAF
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 00C80FC0
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 00C80025
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 00C800D8
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 00C80058
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 00C80FD1
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 00C8000A
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 00C80F5E
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 00C80036
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 00C80F4D
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 00C80087
.text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_open 77157E48 5 Bytes JMP 00AE0000
.text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 00AE0FC3
.text C:\Windows\System32\svchost.exe[828] msvcrt.dll!system 7718B16F 5 Bytes JMP 00AE0FD4
.text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 00AE0FEF
.text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 00AE0044
.text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_wopen 77190570 5 Bytes JMP 00AE0029
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 00730000
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 00730FA5
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 00730F79
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 00730F8A
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 00730FE5
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 00730F5E
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 00730FD4
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 0073001B
.text C:\Windows\System32\svchost.exe[828] WS2_32.dll!socket 76483F00 5 Bytes JMP 00A90000
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 00CC0F5E
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 00CC00A2
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 00CC0F17
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 00CC001B
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 00CC0087
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 00CC005B
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 00CC0F83
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 00CC0F94
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 00CC000A
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 00CC0EE8
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 00CC002C
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 00CC0FA5
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 00CC0FEF
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 00CC0F43
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 00CC0FD4
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 00CC0F32
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 00CC006C
.text C:\Windows\system32\svchost.exe[860] msvcrt.dll!_open 77157E48 5 Bytes JMP 00C40000
.text C:\Windows\system32\svchost.exe[860] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 00C40FA3
.text C:\Windows\system32\svchost.exe[860] msvcrt.dll!system 7718B16F 5 Bytes JMP 00C40FBE
.text C:\Windows\system32\svchost.exe[860] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 00C40FD9
.text C:\Windows\system32\svchost.exe[860] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 00C4002E
.text C:\Windows\system32\svchost.exe[860] msvcrt.dll!_wopen 77190570 5 Bytes JMP 00C40011
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 00BA000A
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 00BA0FD4
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 00BA0076
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 00BA0065
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 00BA0025
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 00BA0087
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 00BA0036
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 00BA0FE5
.text C:\Windows\system32\svchost.exe[860] WS2_32.dll!socket 76483F00 5 Bytes JMP 00BF0000
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 004700B3
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 004700E9
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 004700D8
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 00470025
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 00470098
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 00470087
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 0047006C
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 0047005B
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 00470014
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 004700FA
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 00470FB9
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 00470040
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 00470FEF
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 00470F6F
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 00470FD4
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 00470F5E
.text C:\Windows\system32\svchost.exe[1024] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 00470F8A
.text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_open 77157E48 5 Bytes JMP 00420FEF
.text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 00420FCA
.text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!system 7718B16F 5 Bytes JMP 00420055
.text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 00420029
.text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 00420044
.text C:\Windows\system32\svchost.exe[1024] msvcrt.dll!_wopen 77190570 5 Bytes JMP 0042000C
.text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 00400000
.text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 00400FD4
.text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 00400FB9
.text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 0040005B
.text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 00400025
.text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 00400FA8
.text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 00400040
.text C:\Windows\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 00400FE5
.text C:\Windows\system32\svchost.exe[1024] WS2_32.dll!socket 76483F00 5 Bytes JMP 00410000
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 02BE00A2
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 02BE0F54
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 02BE00DF
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 02BE0FB9
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 02BE0091
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 02BE0F9E
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 02BE0076
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 02BE0065
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 02BE0FE5
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 02BE0F43
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 02BE002F
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 02BE0040
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 02BE0000
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 02BE00BD
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 02BE0FCA
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 02BE00CE
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 02BE0F8D
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_open 77157E48 5 Bytes JMP 00F50FEF
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 00F50FA6
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!system 7718B16F 5 Bytes JMP 00F50FC1
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 00F50027
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 00F50FD2
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wopen 77190570 5 Bytes JMP 00F5000C
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 00F30FE5
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 00F30040
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 00F30F9E
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 00F30FB9
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 00F30FD4
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 00F30F8D
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 00F30014
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 00F30025
.text C:\Windows\system32\svchost.exe[1176] WS2_32.dll!socket 76483F00 5 Bytes JMP 00F40FEF
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 00210F65
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 002100DF
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 00210F4A
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 00210FAF
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 0021008E
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 00210062
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 00210F94
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 00210051
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 00210000
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 002100FA
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 00210025
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 00210040
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 00210FE5
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 002100A9
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 00210FC0
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 002100BA
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 0021007D
.text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_open 77157E48 5 Bytes JMP 00200FEF
.text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 00200FC0
.text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!system 7718B16F 5 Bytes JMP 00200055
.text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 00200029
.text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 0020003A
.text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wopen 77190570 5 Bytes JMP 00200018
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 001F0000
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 001F0FB6
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 001F0F8A
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 001F0F9B
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 001F0FDB
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 001F0F6F
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 001F0011
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 001F0022
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 00D80F83
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 00D800F3
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 00D800E2
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 00D80FC3
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 00D800AC
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 00D8008A
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 00D8006F
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 00D80054
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 00D80FD4
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 00D80118
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 00D80039
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 00D80FB2
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 00D80FE5
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 00D80F72
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 00D8000A
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 00D800D1
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 00D8009B
.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_open 77157E48 5 Bytes JMP 00D70000
.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 00D7003F
.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!system 7718B16F 5 Bytes JMP 00D7002E
.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 00D7001D
.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 00D70FBE
.text C:\Windows\system32\svchost.exe[1528] msvcrt.dll!_wopen 77190570 5 Bytes JMP 00D70FE3
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 00D10FE5
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 00D10F83
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 00D10014
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 00D10F68
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 00D10FD4
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 00D10025
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 00D10FB9
.text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 00D10F9E
.text C:\Windows\system32\svchost.exe[1528] WS2_32.dll!socket 76483F00 5 Bytes JMP 00D60000
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 050100D1
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 05010F57
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 05010F72
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 05010040
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 05010F9E
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 0501009B
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!LoadLibraryExW 7789B6BF 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 05010FC3
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 05010FDE
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 05010014
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 050100FD
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 05010065
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 05010080
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 05010FEF
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 050100E2
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 0501002F
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 05010F8D
.text C:\Windows\System32\svchost.exe[1592] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 050100AC
.text C:\Windows\System32\svchost.exe[1592] msvcrt.dll!_open 77157E48 5 Bytes JMP 05000FEF
.text C:\Windows\System32\svchost.exe[1592] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 0500004C
.text C:\Windows\System32\svchost.exe[1592] msvcrt.dll!system 7718B16F 5 Bytes JMP 05000027
.text C:\Windows\System32\svchost.exe[1592] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 05000FB7
.text C:\Windows\System32\svchost.exe[1592] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 0500000C
.text C:\Windows\System32\svchost.exe[1592] msvcrt.dll!_wopen 77190570 5 Bytes JMP 05000FDE
.text C:\Windows\System32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 04FE0000
.text C:\Windows\System32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 04FE0047
.text C:\Windows\System32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 04FE0FCA
.text C:\Windows\System32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 04FE0062
.text C:\Windows\System32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 04FE001B
.text C:\Windows\System32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 04FE0FAF
.text C:\Windows\System32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 04FE002C
.text C:\Windows\System32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 04FE0FDB
.text C:\Windows\System32\svchost.exe[1592] wininet.dll!InternetOpenA 76107DDC 5 Bytes JMP 04FD0000
.text C:\Windows\System32\svchost.exe[1592] wininet.dll!InternetOpenW 76109D60 5 Bytes JMP 04FD0011
.text C:\Windows\System32\svchost.exe[1592] wininet.dll!InternetOpenUrlA 7610DBD8 5 Bytes JMP 04FD0FDB
.text C:\Windows\System32\svchost.exe[1592] wininet.dll!InternetOpenUrlW 7615DCB0 5 Bytes JMP 04FD002C
.text C:\Windows\System32\svchost.exe[1592] WS2_32.dll!socket 76483F00 5 Bytes JMP 04FF0000
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 00600F10
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 00600EEE
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 00600083
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 00600FB9
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 00600F2B
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 00600F57
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 0060002F
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 00600F68
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 00600000
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 006000A8
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 00600FA8
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 00600F8D
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 00600FE5
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 00600EFF
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 00600FCA
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 00600068
.text C:\Windows\system32\svchost.exe[1728] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 00600F3C
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_open 77157E48 5 Bytes JMP 005E0FE3
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 005E0FA6
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!system 7718B16F 5 Bytes JMP 005E0FB7
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 005E0FC8
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 005E0027
.text C:\Windows\system32\svchost.exe[1728] msvcrt.dll!_wopen 77190570 5 Bytes JMP 005E000C
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 005C0000
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 005C0040
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 005C0F9E
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 005C0FB9
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 005C0FE5
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 005C0F8D
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 005C001B
.text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 005C0FD4
.text C:\Windows\system32\svchost.exe[1728] WS2_32.dll!socket 76483F00 5 Bytes JMP 005D0FEF
.text C:\Windows\system32\svchost.exe[1728] WININET.dll!InternetOpenA 76107DDC 5 Bytes JMP 006D0000
.text C:\Windows\system32\svchost.exe[1728] WININET.dll!InternetOpenW 76109D60 5 Bytes JMP 006D0FE5
.text C:\Windows\system32\svchost.exe[1728] WININET.dll!InternetOpenUrlA 7610DBD8 5 Bytes JMP 006D001B
.text C:\Windows\system32\svchost.exe[1728] WININET.dll!InternetOpenUrlW 7615DCB0 5 Bytes JMP 006D0FCA
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1804] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1804] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 00010F5E
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 000100C7
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 00010F32
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 00010FC3
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 0001005B
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 0001004A
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 00010039
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 000100D8
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 00010FB2
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 00010F97
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 00010F4D
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 000100AC
.text C:\Windows\system32\svchost.exe[3300] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 00010076
.text C:\Windows\system32\svchost.exe[3300] msvcrt.dll!_open 77157E48 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[3300] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 000A0F8B
.text C:\Windows\system32\svchost.exe[3300] msvcrt.dll!system 7718B16F 5 Bytes JMP 000A0F9C
.text C:\Windows\system32\svchost.exe[3300] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 000A0FD2
.text C:\Windows\system32\svchost.exe[3300] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 000A0FB7
.text C:\Windows\system32\svchost.exe[3300] msvcrt.dll!_wopen 77190570 5 Bytes JMP 000A000C
.text C:\Windows\system32\svchost.exe[3300] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 000F000A
.text C:\Windows\system32\svchost.exe[3300] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 000F0040
.text C:\Windows\system32\svchost.exe[3300] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 000F0FB2
.text C:\Windows\system32\svchost.exe[3300] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 000F0FC3
.text C:\Windows\system32\svchost.exe[3300] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\svchost.exe[3300] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 000F0065
.text C:\Windows\system32\svchost.exe[3300] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 000F0FD4
.text C:\Windows\system32\svchost.exe[3300] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 000F0025
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 00010F17
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 00010EC6
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 00010EE1
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 00010FB9
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 00010F32
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 0001004A
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 00010F72
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 00010F83
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 00010EB5
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 00010F9E
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 0001005B
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 00010FCA
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 00010EFC
.text C:\Windows\system32\svchost.exe[3348] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 00010F4D
.text C:\Windows\system32\svchost.exe[3348] msvcrt.dll!_open 77157E48 5 Bytes JMP 000D0FEF
.text C:\Windows\system32\svchost.exe[3348] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 000D0042
.text C:\Windows\system32\svchost.exe[3348] msvcrt.dll!system 7718B16F 5 Bytes JMP 000D0027
.text C:\Windows\system32\svchost.exe[3348] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 000D0FC1
.text C:\Windows\system32\svchost.exe[3348] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 000D000C
.text C:\Windows\system32\svchost.exe[3348] msvcrt.dll!_wopen 77190570 5 Bytes JMP 000D0FD2
.text C:\Windows\system32\svchost.exe[3348] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\svchost.exe[3348] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 000F0FCD
.text C:\Windows\system32\svchost.exe[3348] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 000F0054
.text C:\Windows\system32\svchost.exe[3348] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 000F0FB2
.text C:\Windows\system32\svchost.exe[3348] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 000F000A
.text C:\Windows\system32\svchost.exe[3348] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 000F006F
.text C:\Windows\system32\svchost.exe[3348] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 000F0025
.text C:\Windows\system32\svchost.exe[3348] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 000F0FDE
.text C:\Windows\system32\svchost.exe[3348] WS2_32.dll!socket 76483F00 5 Bytes JMP 00130000
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 00010F46
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 000100C0
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 00010F2B
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 0001001B
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 00010F57
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 00010F83
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 00010051
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 00010F94
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 0001000A
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 000100D1
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 0001002C
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 00010FA5
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 00010094
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 00010FD4
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 000100AF
.text C:\Windows\Explorer.EXE[3476] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 00010F72
.text C:\Windows\Explorer.EXE[3476] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 000D0000
.text C:\Windows\Explorer.EXE[3476] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 000D0FAF
.text C:\Windows\Explorer.EXE[3476] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 000D0F94
.text C:\Windows\Explorer.EXE[3476] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 000D0036
.text C:\Windows\Explorer.EXE[3476] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 000D001B
.text C:\Windows\Explorer.EXE[3476] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 000D0F79
.text C:\Windows\Explorer.EXE[3476] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 000D0FDB
.text C:\Windows\Explorer.EXE[3476] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 000D0FCA
.text C:\Windows\Explorer.EXE[3476] msvcrt.dll!_open 77157E48 5 Bytes JMP 000E0000
.text C:\Windows\Explorer.EXE[3476] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 000E0FA8
.text C:\Windows\Explorer.EXE[3476] msvcrt.dll!system 7718B16F 5 Bytes JMP 000E0FB9
.text C:\Windows\Explorer.EXE[3476] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 000E0029
.text C:\Windows\Explorer.EXE[3476] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 000E0FD4
.text C:\Windows\Explorer.EXE[3476] msvcrt.dll!_wopen 77190570 5 Bytes JMP 000E0FEF
.text C:\Windows\Explorer.EXE[3476] WININET.dll!InternetOpenA 76107DDC 5 Bytes JMP 03250000
.text C:\Windows\Explorer.EXE[3476] WININET.dll!InternetOpenW 76109D60 5 Bytes JMP 03250FE5
.text C:\Windows\Explorer.EXE[3476] WININET.dll!InternetOpenUrlA 7610DBD8 5 Bytes JMP 03250FCA
.text C:\Windows\Explorer.EXE[3476] WININET.dll!InternetOpenUrlW 7615DCB0 5 Bytes JMP 03250FAF
.text C:\Windows\Explorer.EXE[3476] WS2_32.dll!socket 76483F00 5 Bytes JMP 034E000A
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!GetStartupInfoA 77851DF0 5 Bytes JMP 0001009B
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 000100CA
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!CreateProcessA 77852062 5 Bytes JMP 00010F35
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!CreateNamedPipeW 77881FD6 5 Bytes JMP 00010FCA
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!CreatePipe 77884A8B 5 Bytes JMP 00010F68
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!VirtualProtect 778950AB 5 Bytes JMP 00010F79
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!LoadLibraryExW 7789B6BF 5 Bytes JMP 00010F9E
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!LoadLibraryExA 7789BC8B 5 Bytes JMP 00010051
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!CreateFileW 778A0B7D 5 Bytes JMP 00010FDB
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!GetProcAddress 778A1857 5 Bytes JMP 000100DB
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!LoadLibraryA 778A2884 5 Bytes JMP 00010036
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 00010FAF
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!CreateFileA 778A291C 5 Bytes JMP 00010000
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!GetStartupInfoW 778A7CD5 5 Bytes JMP 00010F57
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!CreateNamedPipeA 778DD5BF 5 Bytes JMP 00010011
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!WinExec 778DE76D 5 Bytes JMP 00010F46
.text C:\Windows\System32\svchost.exe[4644] kernel32.dll!VirtualProtectEx 778DF729 5 Bytes JMP 00010076
.text C:\Windows\System32\svchost.exe[4644] msvcrt.dll!_open 77157E48 5 Bytes JMP 000D000C
.text C:\Windows\System32\svchost.exe[4644] msvcrt.dll!_wsystem 7718B04F 5 Bytes JMP 000D0FCD
.text C:\Windows\System32\svchost.exe[4644] msvcrt.dll!system 7718B16F 5 Bytes JMP 000D0058
.text C:\Windows\System32\svchost.exe[4644] msvcrt.dll!_creat 7718ED29 5 Bytes JMP 000D0FEF
.text C:\Windows\System32\svchost.exe[4644] msvcrt.dll!_wcreat 7719038E 5 Bytes JMP 000D0FDE
.text C:\Windows\System32\svchost.exe[4644] msvcrt.dll!_wopen 77190570 5 Bytes JMP 000D0029
.text C:\Windows\System32\svchost.exe[4644] WS2_32.dll!socket 76483F00 5 Bytes JMP 000F0FEF
.text C:\Windows\System32\svchost.exe[4644] ADVAPI32.dll!RegOpenKeyA 763ED2ED 5 Bytes JMP 00290000
.text C:\Windows\System32\svchost.exe[4644] ADVAPI32.dll!RegCreateKeyA 763ED3C1 5 Bytes JMP 00290047
.text C:\Windows\System32\svchost.exe[4644] ADVAPI32.dll!RegCreateKeyExA 763F1B71 5 Bytes JMP 00290FC0
.text C:\Windows\System32\svchost.exe[4644] ADVAPI32.dll!RegCreateKeyW 763F1CC0 5 Bytes JMP 00290058
.text C:\Windows\System32\svchost.exe[4644] ADVAPI32.dll!RegOpenKeyW 763F3129 5 Bytes JMP 00290011
.text C:\Windows\System32\svchost.exe[4644] ADVAPI32.dll!RegCreateKeyExW 763FB946 5 Bytes JMP 00290FA5
.text C:\Windows\System32\svchost.exe[4644] ADVAPI32.dll!RegOpenKeyExA 763FBC0D 5 Bytes JMP 0029002C
.text C:\Windows\System32\svchost.exe[4644] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 00290FDB

---- EOF - GMER 1.0.15 ----
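
The GMER listing above is a report of user-mode inline hooks: a 5-byte JMP written at the entry of exported API functions (process creation, library loading, registry, file and socket calls) in several processes, redirecting execution to addresses that belong to no loaded module. To make a log of this length readable for triage, here is an added example that is not part of the thread and not GMER's own tooling: a small Python parser that groups the hook lines by process, classifies the hooked exports into API families, and reports the 64 KiB regions the trampolines land in. The sample lines embedded in it are constructed in GMER's line format with made-up PIDs; the API family table, the `classify`/`summarize` helpers and the region grouping are the example's own assumptions, not anything GMER does.

```python
import re

# Constructed sample input in the shape of GMER's user-mode hook lines
# (".text <process>[<pid>] <module>!<export> <addr> 5 Bytes JMP <target>").
# The PIDs and the selection of lines are made up for this example.
SAMPLE_GMER_LINES = r"""
.text C:\Windows\system32\svchost.exe[1234] kernel32.dll!CreateProcessW 7785202D 5 Bytes JMP 00010EC6
.text C:\Windows\system32\svchost.exe[1234] ADVAPI32.dll!RegOpenKeyExW 763FBEC4 5 Bytes JMP 000F0025
.text C:\Windows\system32\svchost.exe[1234] WS2_32.dll!socket 76483F00 5 Bytes JMP 00130000
.text C:\Windows\Explorer.EXE[2345] kernel32.dll!LoadLibraryW 778A28D2 5 Bytes JMP 00010FA5
.text C:\Windows\Explorer.EXE[2345] WININET.dll!InternetOpenUrlW 7615DCB0 5 Bytes JMP 03250FAF
.text C:\Windows\Explorer.EXE[2345] WS2_32.dll!socket 76483F00 5 Bytes JMP 034E000A
---- EOF - GMER 1.0.15 ----
"""

# One GMER hook line: process path, PID in brackets, module!export,
# 8-hex-digit export address, patch size, and the JMP target address.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]{8})\s*$"
)

# Assumed grouping of exports into the capabilities a hook on them gives
# the injected code; this table is the example's own, not GMER's.
API_FAMILIES = {
    "process": ("CreateProcessA", "CreateProcessW", "WinExec", "system", "_wsystem"),
    "library": ("LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
                "GetProcAddress"),
    "network": ("socket", "InternetOpenA", "InternetOpenW",
                "InternetOpenUrlA", "InternetOpenUrlW"),
    "registry": ("RegOpenKeyA", "RegOpenKeyW", "RegOpenKeyExA", "RegOpenKeyExW",
                 "RegCreateKeyA", "RegCreateKeyW", "RegCreateKeyExA", "RegCreateKeyExW"),
    "file": ("CreateFileA", "CreateFileW", "_open", "_wopen", "_creat", "_wcreat"),
    "memory": ("VirtualProtect", "VirtualProtectEx"),
}


def classify(export):
    """Map an exported function name to an API family ("other" if unknown)."""
    for family, names in API_FAMILIES.items():
        if export in names:
            return family
    return "other"


def parse_hooks(text):
    """Return one dict per hook line; headers, blanks and the EOF marker are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append({
            "process": m["process"],
            "pid": int(m["pid"]),
            "module": m["module"],
            "export": m["export"],
            "addr": int(m["addr"], 16),
            "target": int(m["target"], 16),
            "family": classify(m["export"]),
        })
    return hooks


def summarize(hooks):
    """Group hooks per (process, pid): modules, API families and trampoline regions."""
    summary = {}
    for h in hooks:
        key = (h["process"], h["pid"])
        entry = summary.setdefault(
            key, {"modules": set(), "families": set(), "regions": set(), "count": 0})
        entry["modules"].add(h["module"])
        entry["families"].add(h["family"])
        # Targets are grouped by 64 KiB region (Windows allocation granularity),
        # so the distinct regions approximate the number of injected code blobs.
        entry["regions"].add(h["target"] & ~0xFFFF)
        entry["count"] += 1
    return summary


def format_summary(summary):
    """Render the per-process summary as one line per process for a triage note."""
    lines = []
    for (proc, pid), e in sorted(summary.items()):
        regions = ", ".join(f"0x{r:08X}" for r in sorted(e["regions"]))
        lines.append(
            f"{proc}[{pid}]: {e['count']} hooked exports in "
            f"{', '.join(sorted(e['modules']))}; families: "
            f"{', '.join(sorted(e['families']))}; trampoline regions: {regions}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_summary(summarize(parse_hooks(SAMPLE_GMER_LINES))))
```

Run against a full GMER log, the per-process line is what a responder wants first: which processes are hooked, whether the hooked families cover process creation and networking (as in the listing above), and how many distinct memory regions the JMPs lead to. The region count is a heuristic, not a verdict; the exact target addresses should be compared with the process's module list before concluding that the code is injected.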


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:32 AM

Posted 18 September 2010 - 03:34 AM

Please run TDSSKiller
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then please run MBRCheck (both these programs look for specific and prolific threats)

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#7 TeeJ76

TeeJ76
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 18 September 2010 - 05:31 AM

TDSSKiller didn't find any threats; here's the report:


2010/09/18 11:27:12.0208 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/18 11:27:12.0208 ================================================================================
2010/09/18 11:27:12.0208 SystemInfo:
2010/09/18 11:27:12.0208
2010/09/18 11:27:12.0208 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/18 11:27:12.0208 Product type: Workstation
2010/09/18 11:27:12.0208 ComputerName: TEEJ-PC
2010/09/18 11:27:12.0210 UserName: TeeJ
2010/09/18 11:27:12.0210 Windows directory: C:\Windows
2010/09/18 11:27:12.0210 System windows directory: C:\Windows
2010/09/18 11:27:12.0210 Processor architecture: Intel x86
2010/09/18 11:27:12.0210 Number of processors: 2
2010/09/18 11:27:12.0210 Page size: 0x1000
2010/09/18 11:27:12.0210 Boot type: Normal boot
2010/09/18 11:27:12.0210 ================================================================================
2010/09/18 11:27:12.0755 Initialize success
2010/09/18 11:27:28.0045 ================================================================================
2010/09/18 11:27:28.0045 Scan started
2010/09/18 11:27:28.0045 Mode: Manual;
2010/09/18 11:27:28.0045 ================================================================================
2010/09/18 11:27:29.0706 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/09/18 11:27:29.0762 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/09/18 11:27:29.0802 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/09/18 11:27:29.0865 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/09/18 11:27:29.0909 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/09/18 11:27:29.0950 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/09/18 11:27:30.0021 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/09/18 11:27:30.0126 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/09/18 11:27:30.0189 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/09/18 11:27:30.0241 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/09/18 11:27:30.0319 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/09/18 11:27:30.0352 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/09/18 11:27:30.0385 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/09/18 11:27:30.0429 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/09/18 11:27:30.0460 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/09/18 11:27:30.0510 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/09/18 11:27:30.0572 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/09/18 11:27:30.0607 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/09/18 11:27:30.0652 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/09/18 11:27:30.0737 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/09/18 11:27:30.0761 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/09/18 11:27:30.0810 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/18 11:27:30.0849 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/09/18 11:27:30.0936 ATSwpWDF (befe54e9bc648a3c79c917a63b6ee7da) C:\Windows\system32\Drivers\ATSwpWDF.sys
2010/09/18 11:27:31.0160 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/09/18 11:27:31.0245 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/09/18 11:27:31.0288 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/09/18 11:27:31.0338 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/09/18 11:27:31.0397 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/18 11:27:31.0438 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/09/18 11:27:31.0464 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/09/18 11:27:31.0507 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/09/18 11:27:31.0538 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/09/18 11:27:31.0564 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/09/18 11:27:31.0597 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/09/18 11:27:31.0670 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/09/18 11:27:31.0715 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/09/18 11:27:31.0741 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2010/09/18 11:27:31.0818 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2010/09/18 11:27:31.0871 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2010/09/18 11:27:31.0927 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/18 11:27:31.0977 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/18 11:27:32.0030 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/18 11:27:32.0082 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/09/18 11:27:32.0136 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/18 11:27:32.0183 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/09/18 11:27:32.0235 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/09/18 11:27:32.0286 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/18 11:27:32.0327 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/09/18 11:27:32.0367 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/09/18 11:27:32.0450 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/09/18 11:27:32.0515 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/09/18 11:27:32.0543 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/09/18 11:27:32.0601 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/09/18 11:27:32.0669 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/18 11:27:32.0936 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/09/18 11:27:33.0104 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/09/18 11:27:33.0144 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/09/18 11:27:33.0208 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/09/18 11:27:33.0256 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/09/18 11:27:33.0301 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/18 11:27:33.0341 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/09/18 11:27:33.0372 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/09/18 11:27:33.0407 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/18 11:27:33.0444 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/09/18 11:27:33.0485 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/09/18 11:27:33.0631 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/18 11:27:33.0744 FUJ02B1 (49e588ac7d2b57f057756a91c6f36d25) C:\Windows\system32\DRIVERS\FUJ02B1.sys
2010/09/18 11:27:33.0920 FUJ02E3 (ef9f310f86fd504afcdcedf8280091fb) C:\Windows\system32\DRIVERS\FUJ02E3.sys
2010/09/18 11:27:34.0054 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/09/18 11:27:34.0237 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/09/18 11:27:34.0308 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/09/18 11:27:34.0376 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/09/18 11:27:34.0451 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/09/18 11:27:34.0507 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/18 11:27:34.0536 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/09/18 11:27:34.0582 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/09/18 11:27:34.0618 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/18 11:27:34.0679 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/18 11:27:34.0758 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/09/18 11:27:34.0814 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/09/18 11:27:34.0858 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/09/18 11:27:34.0907 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/18 11:27:34.0966 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/09/18 11:27:35.0172 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/09/18 11:27:35.0410 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/09/18 11:27:35.0461 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/09/18 11:27:35.0505 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/18 11:27:35.0546 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/18 11:27:35.0585 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/09/18 11:27:35.0623 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/09/18 11:27:35.0687 irda (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
2010/09/18 11:27:35.0719 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/09/18 11:27:35.0759 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/09/18 11:27:35.0816 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/18 11:27:35.0868 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/18 11:27:35.0913 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/18 11:27:35.0960 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/18 11:27:36.0016 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/09/18 11:27:36.0249 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/18 11:27:36.0312 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/09/18 11:27:36.0344 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/09/18 11:27:36.0382 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/09/18 11:27:36.0406 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/09/18 11:27:36.0452 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/09/18 11:27:36.0548 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/09/18 11:27:36.0584 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/09/18 11:27:36.0644 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\Windows\system32\drivers\mfeavfk.sys
2010/09/18 11:27:36.0705 mfebopk (1d003e3056a43d881597d6763e83b943) C:\Windows\system32\drivers\mfebopk.sys
2010/09/18 11:27:36.0844 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\Windows\system32\drivers\mfehidk.sys
2010/09/18 11:27:36.0978 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
2010/09/18 11:27:37.0096 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
2010/09/18 11:27:37.0154 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/09/18 11:27:37.0201 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/18 11:27:37.0238 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/18 11:27:37.0293 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/18 11:27:37.0328 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/09/18 11:27:37.0381 MPFP (4fc96dab9d75c1f544ba45ccbafcae7e) C:\Windows\system32\Drivers\Mpfp.sys
2010/09/18 11:27:37.0528 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/09/18 11:27:37.0579 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/18 11:27:37.0619 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/09/18 11:27:37.0679 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/18 11:27:37.0839 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/18 11:27:38.0029 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/18 11:27:38.0188 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/09/18 11:27:38.0218 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/09/18 11:27:38.0284 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/09/18 11:27:38.0314 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/09/18 11:27:38.0336 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/09/18 11:27:38.0407 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/18 11:27:38.0438 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/18 11:27:38.0471 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/09/18 11:27:38.0506 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/09/18 11:27:38.0544 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/18 11:27:38.0576 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/09/18 11:27:38.0610 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/09/18 11:27:38.0638 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/09/18 11:27:38.0830 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/18 11:27:38.0948 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/09/18 11:27:38.0986 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/09/18 11:27:39.0033 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/18 11:27:39.0078 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/18 11:27:39.0114 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/18 11:27:39.0170 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/09/18 11:27:39.0272 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/18 11:27:39.0324 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/18 11:27:39.0543 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2010/09/18 11:27:39.0705 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/09/18 11:27:39.0775 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/09/18 11:27:39.0815 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/18 11:27:39.0895 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/09/18 11:27:39.0945 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/09/18 11:27:39.0985 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/09/18 11:27:40.0015 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/09/18 11:27:40.0045 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/09/18 11:27:40.0085 O2MDRDR (634ff60f418792906887b3d6ceecb431) C:\Windows\system32\DRIVERS\o2media.sys
2010/09/18 11:27:40.0126 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/18 11:27:40.0241 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/09/18 11:27:40.0275 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/09/18 11:27:40.0312 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/09/18 11:27:40.0348 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/09/18 11:27:40.0386 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/09/18 11:27:40.0435 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/09/18 11:27:40.0506 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2010/09/18 11:27:40.0613 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/09/18 11:27:40.0663 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/09/18 11:27:40.0815 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/18 11:27:40.0855 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/09/18 11:27:40.0917 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/18 11:27:41.0011 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/09/18 11:27:41.0099 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/09/18 11:27:41.0148 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/18 11:27:41.0179 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/18 11:27:41.0245 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/09/18 11:27:41.0288 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/18 11:27:41.0350 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/18 11:27:41.0393 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/18 11:27:41.0428 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/18 11:27:41.0480 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/09/18 11:27:41.0500 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/18 11:27:41.0550 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/09/18 11:27:41.0600 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/18 11:27:41.0640 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/09/18 11:27:41.0670 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/09/18 11:27:41.0730 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/09/18 11:27:41.0810 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/09/18 11:27:41.0880 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/18 11:27:41.0940 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/09/18 11:27:41.0990 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/09/18 11:27:42.0030 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/09/18 11:27:42.0090 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2010/09/18 11:27:42.0170 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/09/18 11:27:42.0229 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/09/18 11:27:42.0263 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/09/18 11:27:42.0303 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/09/18 11:27:42.0371 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/18 11:27:42.0403 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/09/18 11:27:42.0441 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/18 11:27:42.0477 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/09/18 11:27:42.0532 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/09/18 11:27:42.0580 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/09/18 11:27:42.0614 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/09/18 11:27:42.0668 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/09/18 11:27:42.0727 SMSCIRDA (d1bf7148144ad1851893e84363f78130) C:\Windows\system32\DRIVERS\SMSCirda.sys
2010/09/18 11:27:42.0934 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/09/18 11:27:43.0029 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
2010/09/18 11:27:43.0267 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/18 11:27:43.0364 srvnet (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/18 11:27:43.0576 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
2010/09/18 11:27:43.0731 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/09/18 11:27:43.0779 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/09/18 11:27:43.0814 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/09/18 11:27:43.0879 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/18 11:27:43.0983 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/09/18 11:27:44.0207 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/18 11:27:44.0245 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/18 11:27:44.0292 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/09/18 11:27:44.0333 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/09/18 11:27:44.0359 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/18 11:27:44.0423 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/18 11:27:44.0504 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
2010/09/18 11:27:44.0547 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/18 11:27:44.0590 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/18 11:27:44.0633 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/09/18 11:27:44.0675 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/18 11:27:44.0734 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/09/18 11:27:44.0777 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/18 11:27:44.0820 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/09/18 11:27:44.0890 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/09/18 11:27:45.0038 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/18 11:27:45.0082 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/09/18 11:27:45.0119 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/18 11:27:45.0172 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/18 11:27:45.0214 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/09/18 11:27:45.0242 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/18 11:27:45.0278 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/18 11:27:45.0314 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/18 11:27:45.0375 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2010/09/18 11:27:45.0423 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/09/18 11:27:45.0482 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/18 11:27:45.0514 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/09/18 11:27:45.0555 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/09/18 11:27:45.0616 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/09/18 11:27:45.0651 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/09/18 11:27:45.0682 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/09/18 11:27:45.0735 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/09/18 11:27:45.0774 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/09/18 11:27:45.0818 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/09/18 11:27:45.0866 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/09/18 11:27:45.0905 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/09/18 11:27:45.0959 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/09/18 11:27:46.0004 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/09/18 11:27:46.0072 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/09/18 11:27:46.0128 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/18 11:27:46.0144 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/18 11:27:46.0216 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/09/18 11:27:46.0258 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/18 11:27:46.0342 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/09/18 11:27:46.0380 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/09/18 11:27:46.0488 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/09/18 11:27:46.0523 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/18 11:27:46.0593 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/18 11:27:46.0643 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/09/18 11:27:46.0693 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/18 11:27:46.0783 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys
2010/09/18 11:27:46.0933 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
2010/09/18 11:27:46.0983 ================================================================================
2010/09/18 11:27:46.0983 Scan finished
2010/09/18 11:27:46.0983 ================================================================================

Here's the MBRCheck report:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: FUJITSU
BIOS Manufacturer: FUJITSU // Phoenix Technologies Ltd.
System Manufacturer: FUJITSU SIEMENS
System Product Name: LIFEBOOK S6410
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 216):
0x82A08000 \SystemRoot\system32\ntkrnlpa.exe
0x82E18000 \SystemRoot\system32\halmacpi.dll
0x80B9E000 \SystemRoot\system32\kdcom.dll
0x83401000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83479000 \SystemRoot\system32\PSHED.dll
0x8348A000 \SystemRoot\system32\BOOTVID.dll
0x83492000 \SystemRoot\system32\CLFS.SYS
0x834D4000 \SystemRoot\system32\CI.dll
0x8357F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x835F0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8363E000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x83686000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8368F000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x83697000 \SystemRoot\system32\DRIVERS\pci.sys
0x836C1000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x836CC000 \SystemRoot\System32\drivers\partmgr.sys
0x836DD000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x836E5000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x836F0000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x83700000 \SystemRoot\System32\drivers\volmgrx.sys
0x8374B000 \SystemRoot\system32\DRIVERS\intelide.sys
0x83752000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x83760000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8378E000 \SystemRoot\System32\drivers\mountmgr.sys
0x837A4000 \SystemRoot\system32\DRIVERS\atapi.sys
0x837AD000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x837D0000 \SystemRoot\system32\DRIVERS\o2media.sys
0x837D9000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x83600000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x83609000 \SystemRoot\system32\drivers\fltmgr.sys
0x88814000 \SystemRoot\system32\drivers\fileinfo.sys
0x88825000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88954000 \SystemRoot\System32\Drivers\msrpc.sys
0x8897F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88992000 \SystemRoot\System32\Drivers\cng.sys
0x889EF000 \SystemRoot\System32\drivers\pcw.sys
0x88800000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x88A32000 \SystemRoot\system32\drivers\ndis.sys
0x88AE9000 \SystemRoot\system32\drivers\NETIO.SYS
0x88B27000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x88B4C000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x88B55000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x88B94000 \SystemRoot\System32\Drivers\spldr.sys
0x88B9C000 \SystemRoot\System32\drivers\rdyboost.sys
0x88BC9000 \SystemRoot\System32\Drivers\mup.sys
0x88BD9000 \SystemRoot\System32\drivers\hwpolicy.sys
0x88A00000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x88BE1000 \SystemRoot\system32\DRIVERS\disk.sys
0x88C37000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x88C8E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88CAD000 \SystemRoot\System32\Drivers\Null.SYS
0x88CB4000 \SystemRoot\System32\Drivers\Beep.SYS
0x88CBB000 \SystemRoot\System32\drivers\vga.sys
0x88CC7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x88CE8000 \SystemRoot\System32\drivers\watchdog.sys
0x88CF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x88CFD000 \SystemRoot\system32\drivers\rdpencdd.sys
0x88D05000 \SystemRoot\system32\drivers\rdprefmp.sys
0x88D0D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x88D18000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F40A000 \SystemRoot\System32\drivers\tcpip.sys
0x8F553000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8F584000 \SystemRoot\System32\Drivers\Mpfp.sys
0x8F5AD000 \SystemRoot\System32\Drivers\TDI.SYS
0x8F5B8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F5CF000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x88D26000 \SystemRoot\system32\drivers\afd.sys
0x88D80000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F5E4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x88DB2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F5EB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F5F9000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x88DD1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x88DE4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FE2F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FE70000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FE7A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FE84000 \SystemRoot\system32\drivers\mfehidk.sys
0x8FEB7000 \SystemRoot\System32\drivers\discache.sys
0x8FEC3000 \SystemRoot\system32\drivers\csc.sys
0x8FF27000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FF3F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8FF4D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8FF6E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9003E000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x90547000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90000000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8FF80000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FF8B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FFD6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90E3A000 \SystemRoot\system32\DRIVERS\yk62x86.sys
0x91608000 \SystemRoot\system32\DRIVERS\netw5v32.sys
0x91A1B000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x91A34000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x91A60000 \SystemRoot\system32\drivers\tpm.sys
0x91A6C000 \SystemRoot\system32\DRIVERS\FUJ02B1.sys
0x91A6E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x91A86000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x91A93000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91AA0000 \SystemRoot\system32\DRIVERS\serial.sys
0x91ABA000 \SystemRoot\system32\DRIVERS\serenum.sys
0x91AC4000 \SystemRoot\system32\DRIVERS\SMSCirda.sys
0x91ACC000 \SystemRoot\system32\drivers\irenum.sys
0x91AD5000 \SystemRoot\system32\DRIVERS\parport.sys
0x91AED000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x91AF3000 \SystemRoot\system32\DRIVERS\FUJ02E3.sys
0x91AF5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91AF9000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91B06000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91B18000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91B30000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x91B3B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91B5D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91B75000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x91B8C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91BA3000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x91BAD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x91BAF000 \SystemRoot\system32\DRIVERS\ks.sys
0x91BE3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90E8A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90ECE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90EDF000 \SystemRoot\system32\drivers\HdAudio.sys
0x90F2F000 \SystemRoot\system32\drivers\portcls.sys
0x90F5E000 \SystemRoot\system32\drivers\drmk.sys
0x9602C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x96132000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x96134000 \SystemRoot\system32\drivers\modem.sys
0x97590000 \SystemRoot\System32\win32k.sys
0x96141000 \SystemRoot\System32\drivers\Dxapi.sys
0x9614B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x96158000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x96163000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9616C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x977F0000 \SystemRoot\System32\TSDDD.dll
0x9617D000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x9618F000 \SystemRoot\System32\Drivers\bthport.sys
0x97420000 \SystemRoot\System32\cdd.dll
0x89E2A000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
0x89EC7000 \SystemRoot\system32\drivers\luafv.sys
0x89EE2000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x89F06000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x89F13000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x89F2E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x89F45000 \SystemRoot\system32\drivers\WudfPf.sys
0x89F5F000 \SystemRoot\system32\DRIVERS\hidbth.sys
0x89F7A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x89F8D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x89F94000 \SystemRoot\System32\Drivers\usbvideo.sys
0x89FB8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x89FC3000 \SystemRoot\system32\DRIVERS\irda.sys
0x89FE1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90F77000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x89E00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x89E10000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9140B000 \SystemRoot\system32\drivers\HTTP.sys
0x91490000 \SystemRoot\system32\DRIVERS\bowser.sys
0x914A9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x914BB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x914DE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x91519000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x91534000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9153B000 \SystemRoot\system32\drivers\peauth.sys
0x915D2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA92A7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA92C8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA92D5000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA9324000 \SystemRoot\System32\DRIVERS\srv.sys
0xA9375000 \SystemRoot\System32\drivers\rdpdr.sys
0xA939A000 \SystemRoot\system32\drivers\tdtcp.sys
0xA93A4000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA93B1000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA93E2000 \SystemRoot\system32\drivers\mfebopk.sys
0xA93E9000 \SystemRoot\system32\drivers\mfeavfk.sys
0xA9200000 \SystemRoot\system32\drivers\mfesmfk.sys
0xA9209000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA9214000 \SystemRoot\system32\drivers\klmd.sys
0x77750000 \Windows\System32\ntdll.dll
0x47630000 \Windows\System32\smss.exe
0x77990000 \Windows\System32\apisetschema.dll
0x00BB0000 \Windows\System32\autochk.exe
0x77970000 \Windows\System32\nsi.dll
0x778D0000 \Windows\System32\usp10.dll
0x77890000 \Windows\System32\ws2_32.dll
0x77680000 \Windows\System32\msctf.dll
0x76A30000 \Windows\System32\shell32.dll
0x769A0000 \Windows\System32\oleaut32.dll
0x767A0000 \Windows\System32\iertutil.dll
0x766C0000 \Windows\System32\kernel32.dll
0x76560000 \Windows\System32\ole32.dll
0x76530000 \Windows\System32\imagehlp.dll
0x76510000 \Windows\System32\imm32.dll
0x76470000 \Windows\System32\advapi32.dll
0x76460000 \Windows\System32\normaliz.dll
0x762C0000 \Windows\System32\setupapi.dll
0x762B0000 \Windows\System32\lpk.dll
0x76230000 \Windows\System32\comdlg32.dll
0x76160000 \Windows\System32\user32.dll
0x76110000 \Windows\System32\Wldap32.dll
0x760B0000 \Windows\System32\difxapi.dll
0x76020000 \Windows\System32\clbcatq.dll
0x75EE0000 \Windows\System32\urlmon.dll
0x75DE0000 \Windows\System32\wininet.dll
0x75DC0000 \Windows\System32\sechost.dll
0x75D10000 \Windows\System32\msvcrt.dll
0x75CC0000 \Windows\System32\gdi32.dll
0x75CB0000 \Windows\System32\psapi.dll
0x75C00000 \Windows\System32\rpcrt4.dll
0x75BA0000 \Windows\System32\shlwapi.dll
0x75B70000 \Windows\System32\wintrust.dll
0x75A50000 \Windows\System32\crypt32.dll
0x759C0000 \Windows\System32\comctl32.dll
0x75970000 \Windows\System32\KernelBase.dll
0x75950000 \Windows\System32\devobj.dll
0x75920000 \Windows\System32\cfgmgr32.dll
0x75910000 \Windows\System32\msasn1.dll

Processes (total 76):



#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:32 AM

Posted 18 September 2010 - 06:26 PM

Please run MBRCheck again, the whole log was not produced.
m0le is a proud member of UNITE

#9 TeeJ76

TeeJ76
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 18 September 2010 - 08:13 PM

Sorry here it is again, let me know if it's okay.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: FUJITSU
BIOS Manufacturer: FUJITSU // Phoenix Technologies Ltd.
System Manufacturer: FUJITSU SIEMENS
System Product Name: LIFEBOOK S6410
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 215):
0x82A08000 \SystemRoot\system32\ntkrnlpa.exe
0x82E18000 \SystemRoot\system32\halmacpi.dll
0x80B9E000 \SystemRoot\system32\kdcom.dll
0x83401000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83479000 \SystemRoot\system32\PSHED.dll
0x8348A000 \SystemRoot\system32\BOOTVID.dll
0x83492000 \SystemRoot\system32\CLFS.SYS
0x834D4000 \SystemRoot\system32\CI.dll
0x8357F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x835F0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8363E000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x83686000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8368F000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x83697000 \SystemRoot\system32\DRIVERS\pci.sys
0x836C1000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x836CC000 \SystemRoot\System32\drivers\partmgr.sys
0x836DD000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x836E5000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x836F0000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x83700000 \SystemRoot\System32\drivers\volmgrx.sys
0x8374B000 \SystemRoot\system32\DRIVERS\intelide.sys
0x83752000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x83760000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8378E000 \SystemRoot\System32\drivers\mountmgr.sys
0x837A4000 \SystemRoot\system32\DRIVERS\atapi.sys
0x837AD000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x837D0000 \SystemRoot\system32\DRIVERS\o2media.sys
0x837D9000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x83600000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x83609000 \SystemRoot\system32\drivers\fltmgr.sys
0x88814000 \SystemRoot\system32\drivers\fileinfo.sys
0x88825000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88954000 \SystemRoot\System32\Drivers\msrpc.sys
0x8897F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88992000 \SystemRoot\System32\Drivers\cng.sys
0x889EF000 \SystemRoot\System32\drivers\pcw.sys
0x88800000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x88A32000 \SystemRoot\system32\drivers\ndis.sys
0x88AE9000 \SystemRoot\system32\drivers\NETIO.SYS
0x88B27000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x88B4C000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x88B55000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x88B94000 \SystemRoot\System32\Drivers\spldr.sys
0x88B9C000 \SystemRoot\System32\drivers\rdyboost.sys
0x88BC9000 \SystemRoot\System32\Drivers\mup.sys
0x88BD9000 \SystemRoot\System32\drivers\hwpolicy.sys
0x88A00000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x88BE1000 \SystemRoot\system32\DRIVERS\disk.sys
0x88C37000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x88C8E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88CAD000 \SystemRoot\System32\Drivers\Null.SYS
0x88CB4000 \SystemRoot\System32\Drivers\Beep.SYS
0x88CBB000 \SystemRoot\System32\drivers\vga.sys
0x88CC7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x88CE8000 \SystemRoot\System32\drivers\watchdog.sys
0x88CF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x88CFD000 \SystemRoot\system32\drivers\rdpencdd.sys
0x88D05000 \SystemRoot\system32\drivers\rdprefmp.sys
0x88D0D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x88D18000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F40A000 \SystemRoot\System32\drivers\tcpip.sys
0x8F553000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8F584000 \SystemRoot\System32\Drivers\Mpfp.sys
0x8F5AD000 \SystemRoot\System32\Drivers\TDI.SYS
0x8F5B8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F5CF000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x88D26000 \SystemRoot\system32\drivers\afd.sys
0x88D80000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F5E4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x88DB2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F5EB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F5F9000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x88DD1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x88DE4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FE2F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FE70000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FE7A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FE84000 \SystemRoot\system32\drivers\mfehidk.sys
0x8FEB7000 \SystemRoot\System32\drivers\discache.sys
0x8FEC3000 \SystemRoot\system32\drivers\csc.sys
0x8FF27000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FF3F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8FF4D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8FF6E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9003E000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x90547000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90000000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8FF80000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FF8B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FFD6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90E3A000 \SystemRoot\system32\DRIVERS\yk62x86.sys
0x91608000 \SystemRoot\system32\DRIVERS\netw5v32.sys
0x91A1B000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x91A34000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x91A60000 \SystemRoot\system32\drivers\tpm.sys
0x91A6C000 \SystemRoot\system32\DRIVERS\FUJ02B1.sys
0x91A6E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x91A86000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x91A93000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91AA0000 \SystemRoot\system32\DRIVERS\serial.sys
0x91ABA000 \SystemRoot\system32\DRIVERS\serenum.sys
0x91AC4000 \SystemRoot\system32\DRIVERS\SMSCirda.sys
0x91ACC000 \SystemRoot\system32\drivers\irenum.sys
0x91AD5000 \SystemRoot\system32\DRIVERS\parport.sys
0x91AED000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x91AF3000 \SystemRoot\system32\DRIVERS\FUJ02E3.sys
0x91AF5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91AF9000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91B06000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91B18000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91B30000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x91B3B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91B5D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91B75000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x91B8C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91BA3000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x91BAD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x91BAF000 \SystemRoot\system32\DRIVERS\ks.sys
0x91BE3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90E8A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90ECE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90EDF000 \SystemRoot\system32\drivers\HdAudio.sys
0x90F2F000 \SystemRoot\system32\drivers\portcls.sys
0x90F5E000 \SystemRoot\system32\drivers\drmk.sys
0x9602C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x96132000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x96134000 \SystemRoot\system32\drivers\modem.sys
0x97590000 \SystemRoot\System32\win32k.sys
0x96141000 \SystemRoot\System32\drivers\Dxapi.sys
0x9614B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x96158000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x96163000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9616C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x977F0000 \SystemRoot\System32\TSDDD.dll
0x9617D000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x9618F000 \SystemRoot\System32\Drivers\bthport.sys
0x97420000 \SystemRoot\System32\cdd.dll
0x89E2A000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
0x89EC7000 \SystemRoot\system32\drivers\luafv.sys
0x89EE2000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x89F06000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x89F13000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x89F2E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x89F45000 \SystemRoot\system32\drivers\WudfPf.sys
0x89F5F000 \SystemRoot\system32\DRIVERS\hidbth.sys
0x89F7A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x89F8D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x89F94000 \SystemRoot\System32\Drivers\usbvideo.sys
0x89FB8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x89FC3000 \SystemRoot\system32\DRIVERS\irda.sys
0x89FE1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90F77000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x89E00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x89E10000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9140B000 \SystemRoot\system32\drivers\HTTP.sys
0x91490000 \SystemRoot\system32\DRIVERS\bowser.sys
0x914A9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x914BB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x914DE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x91519000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x91534000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9153B000 \SystemRoot\system32\drivers\peauth.sys
0x915D2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA92A7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA92C8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA92D5000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA9324000 \SystemRoot\System32\DRIVERS\srv.sys
0xA9375000 \SystemRoot\System32\drivers\rdpdr.sys
0xA939A000 \SystemRoot\system32\drivers\tdtcp.sys
0xA93A4000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA93B1000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA93E2000 \SystemRoot\system32\drivers\mfebopk.sys
0xA93E9000 \SystemRoot\system32\drivers\mfeavfk.sys
0xA9200000 \SystemRoot\system32\drivers\mfesmfk.sys
0xA9272000 \SystemRoot\system32\DRIVERS\monitor.sys
0x77750000 \Windows\System32\ntdll.dll
0x47630000 \Windows\System32\smss.exe
0x77990000 \Windows\System32\apisetschema.dll
0x00BB0000 \Windows\System32\autochk.exe
0x77970000 \Windows\System32\nsi.dll
0x778D0000 \Windows\System32\usp10.dll
0x77890000 \Windows\System32\ws2_32.dll
0x77680000 \Windows\System32\msctf.dll
0x76A30000 \Windows\System32\shell32.dll
0x769A0000 \Windows\System32\oleaut32.dll
0x767A0000 \Windows\System32\iertutil.dll
0x766C0000 \Windows\System32\kernel32.dll
0x76560000 \Windows\System32\ole32.dll
0x76530000 \Windows\System32\imagehlp.dll
0x76510000 \Windows\System32\imm32.dll
0x76470000 \Windows\System32\advapi32.dll
0x76460000 \Windows\System32\normaliz.dll
0x762C0000 \Windows\System32\setupapi.dll
0x762B0000 \Windows\System32\lpk.dll
0x76230000 \Windows\System32\comdlg32.dll
0x76160000 \Windows\System32\user32.dll
0x76110000 \Windows\System32\Wldap32.dll
0x760B0000 \Windows\System32\difxapi.dll
0x76020000 \Windows\System32\clbcatq.dll
0x75EE0000 \Windows\System32\urlmon.dll
0x75DE0000 \Windows\System32\wininet.dll
0x75DC0000 \Windows\System32\sechost.dll
0x75D10000 \Windows\System32\msvcrt.dll
0x75CC0000 \Windows\System32\gdi32.dll
0x75CB0000 \Windows\System32\psapi.dll
0x75C00000 \Windows\System32\rpcrt4.dll
0x75BA0000 \Windows\System32\shlwapi.dll
0x75B70000 \Windows\System32\wintrust.dll
0x75A50000 \Windows\System32\crypt32.dll
0x759C0000 \Windows\System32\comctl32.dll
0x75970000 \Windows\System32\KernelBase.dll
0x75950000 \Windows\System32\devobj.dll
0x75920000 \Windows\System32\cfgmgr32.dll
0x75910000 \Windows\System32\msasn1.dll

Processes (total 76):
0 System Idle Process
4 System
232 C:\Windows\System32\smss.exe
332 csrss.exe
372 C:\Windows\System32\wininit.exe
384 csrss.exe
432 C:\Windows\System32\services.exe
448 C:\Windows\System32\lsass.exe
456 C:\Windows\System32\lsm.exe
552 C:\Windows\System32\svchost.exe
628 C:\Windows\System32\winlogon.exe
668 C:\Windows\System32\svchost.exe
740 C:\Windows\System32\svchost.exe
832 C:\Windows\System32\svchost.exe
868 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\taskeng.exe
1356 C:\Windows\System32\spoolsv.exe
1412 C:\Windows\System32\rundll32.exe
1448 C:\Windows\System32\svchost.exe
1544 C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
1568 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1592 C:\Program Files\Bonjour\mDNSResponder.exe
1640 C:\Windows\System32\svchost.exe
1688 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1724 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
1860 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
1884 C:\Windows\System32\rundll32.exe
1920 C:\Program Files\McAfee\MPF\MpfSrv.exe
280 C:\Program Files\McAfee\MSK\msksrver.exe
1292 C:\Program Files\O2\bin\sprtsvc.exe
1960 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
1792 C:\Windows\System32\svchost.exe
2628 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
2716 C:\Windows\System32\svchost.exe
2792 C:\Windows\System32\svchost.exe
3484 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
3644 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
3708 C:\Program Files\Windows Media Player\wmpnetwk.exe
3796 C:\Windows\System32\SearchIndexer.exe
3392 C:\Program Files\McAfee.com\Agent\mcagent.exe
1056 C:\Windows\System32\dwm.exe
3280 C:\Windows\System32\taskhost.exe
3292 C:\Windows\explorer.exe
2020 C:\Program Files\O2\bin\sprtcmd.exe
2000 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
3664 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3728 C:\Windows\System32\igfxtray.exe
2412 C:\Windows\System32\hkcmd.exe
3804 C:\Windows\System32\igfxpers.exe
1580 C:\Windows\System32\igfxsrvc.exe
1132 C:\Program Files\iTunes\iTunesHelper.exe
2184 C:\Program Files\Windows Sidebar\sidebar.exe
2480 C:\Program Files\Steam\Steam.exe
2956 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
804 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
3548 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
1928 C:\Windows\System32\svchost.exe
4224 C:\Program Files\iPod\bin\iPodService.exe
4576 C:\Program Files\Common Files\Steam\SteamService.exe
5672 C:\Program Files\iTunes\iTunes.exe
5252 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
580 C:\Windows\System32\conhost.exe
1996 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
4612 C:\Windows\System32\conhost.exe
200 C:\Windows\System32\audiodg.exe
5368 C:\Users\TeeJ\AppData\Local\Google\Chrome\Application\chrome.exe
2320 C:\Users\TeeJ\AppData\Local\Google\Chrome\Application\chrome.exe
5732 C:\Users\TeeJ\AppData\Local\Google\Chrome\Application\chrome.exe
1656 C:\Users\TeeJ\AppData\Local\Google\Chrome\Application\chrome.exe
5312 C:\Users\TeeJ\AppData\Local\Google\Chrome\Application\chrome.exe
6136 WmiPrvSE.exe
2420 C:\Users\TeeJ\Desktop\MBRCheck.exe
6092 C:\Windows\System32\conhost.exe
6084 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1200BEVS-22UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:32 AM

Posted 18 September 2010 - 08:18 PM

Yep, that's okay. And the result is okay too.


Please run both OTL, a scanner, and Sophos, a rootkit/trojan scanner
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
And

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

m0le is a proud member of UNITE
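An added example, not part of this thread and not code from OTL or Sophos: a small Python triage pass over lines in the OTL log format that m0le asks for above, flagging the entries a malware-response helper reads first (orphaned autostart/BHO entries, files with no publisher info, a resolver outside the LAN, a hosts file that is no longer the stock size). The sample lines are copied from the OTL log posted in this thread, except the "NameServer = 203.0.113.7" line and the second hosts line, which are constructed to show a hit; the 824-byte stock hosts size and the LAN address ranges are assumptions of this example.

```python
from __future__ import annotations

import ipaddress
import re

# Constructed sample modelled on the OTL log format used in this thread. The
# first six lines are copied from the posted log; the "NameServer = 203.0.113.7"
# line and the second hosts line are constructed to show what a hit looks like.
SAMPLE_LOG = r"""
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 203.0.113.7
O1 HOSTS File: ([2010/09/01 12:00:00 | 000,003,512 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
"""

# Assumed size of the stock Windows 7 hosts file, taken from the O1 line in the
# posted log (000,000,824). Anything else means the file has been edited.
STOCK_HOSTS_SIZE = 824

# Assumed address ranges a home/office DNS resolver is expected to live in. A
# resolver outside these (and not one of the ISP's known servers) is a classic
# cause of search-result redirects and deserves a look.
LAN_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

ORPHAN_MARKERS = ("File not found", "No CLSID value found")
RECORD_RE = re.compile(r"(O\d+|PRC|MOD|SRV|DRV)\b")
SIZE_RE = re.compile(r"\|\s*(\d{3},\d{3},\d{3})\s*\|")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def otl_record_type(line: str) -> str:
    """Return the OTL record type ('O1', 'O4', 'DRV', ...) or '' for non-record lines."""
    m = RECORD_RE.match(line)
    return m.group(1) if m else ""


def check_dns_servers(line: str) -> list[str]:
    """Flag every resolver address on an O17 line that is outside LAN_RANGES."""
    findings = []
    for text in IPV4_RE.findall(line):
        ip = ipaddress.ip_address(text)
        if not any(ip in net for net in LAN_RANGES):
            findings.append(f"DNS server {ip} is outside LAN ranges; confirm it is the ISP's")
    return findings


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for the lines a reviewer would examine first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        kind = otl_record_type(line)
        if not kind:
            continue  # section headers, blank lines, banner text
        if any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(("orphaned entry (target missing)", line))
        if line.endswith("()"):
            # OTL prints the embedded company name in parentheses; an empty
            # pair means the file carries no version resource at all.
            findings.append(("no publisher/version info in file", line))
        if kind == "O17" and "NameServer" in line:
            findings.extend((reason, line) for reason in check_dns_servers(line))
        if kind == "O1":
            m = SIZE_RE.search(line)
            if m and int(m.group(1).replace(",", "")) != STOCK_HOSTS_SIZE:
                findings.append((f"hosts file size differs from stock ({STOCK_HOSTS_SIZE} bytes)", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Entries it flags are candidates for a closer look, not verdicts: the McAfee and Everything files on this page also report "()" simply because they ship without a version resource.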

#11 TeeJ76

TeeJ76
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 21 September 2010 - 03:33 PM

Hi Mole

Here are the OTL logs:


OTL logfile created on: 9/19/2010 9:59:00 AM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\TeeJ\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 8.03 Gb Free Space | 7.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEEJ-PC
Current User Name: TeeJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\TeeJ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
PRC - C:\Program Files\O2\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\TeeJ\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (AffinegyService) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_O2) SupportSoft Sprocket Service (O2) -- C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (FUJ02B1) -- C:\Windows\System32\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (FUJ02E3) -- C:\Windows\System32\drivers\fuj02e3.sys (FUJITSU LIMITED)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en&source=iglk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E EB 97 FE F0 8E CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/29 08:52:03 | 000,000,000 | ---D | M]

[2010/01/17 09:16:21 | 000,000,000 | ---D | M] -- C:\Users\TeeJ\AppData\Roaming\Mozilla\Extensions
[2010/01/17 09:16:21 | 000,000,000 | ---D | M] -- C:\Users\TeeJ\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [O2] C:\Program Files\O2\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Google Update] C:\Users\TeeJ\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/19 09:46:29 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\TeeJ\Desktop\OTL.exe
[2010/09/18 19:20:21 | 000,000,000 | ---D | C] -- C:\Users\TeeJ\Desktop\Laptop Fix
[2010/09/06 08:05:04 | 000,000,000 | ---D | C] -- C:\Users\TeeJ\Desktop\France TeeJ
[2010/09/05 14:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/05 14:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/05 14:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/24 06:49:45 | 000,000,000 | ---D | C] -- C:\Users\TeeJ\Desktop\Job stuff
[2010/03/05 10:45:56 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\TeeJ\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/09/19 10:02:04 | 003,932,160 | -HS- | M] () -- C:\Users\TeeJ\NTUSER.DAT
[2010/09/19 09:46:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\TeeJ\Desktop\OTL.exe
[2010/09/19 09:44:36 | 000,027,456 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/09/19 09:44:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/19 09:17:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-450084081-2493277213-2510513914-1000UA.job
[2010/09/19 02:33:37 | 000,720,488 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/19 02:33:37 | 000,623,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/19 02:33:37 | 000,109,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/18 11:29:46 | 000,080,384 | ---- | M] () -- C:\Users\TeeJ\Desktop\MBRCheck.exe
[2010/09/18 08:44:52 | 000,023,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/18 08:44:52 | 000,023,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/18 08:39:36 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\YWTXU.job
[2010/09/18 08:39:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/18 08:39:28 | 1602,981,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/18 07:45:40 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-450084081-2493277213-2510513914-1000Core.job
[2010/09/15 19:43:36 | 001,873,363 | -H-- | M] () -- C:\Users\TeeJ\AppData\Local\IconCache.db
[2010/09/15 19:07:08 | 000,001,044 | ---- | M] () -- C:\Users\TeeJ\AppData\Roaming\vso_ts_preview.xml
[2010/09/15 08:19:43 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/09/11 22:16:01 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/09/05 14:45:11 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/30 12:51:42 | 122,343,998 | ---- | M] () -- C:\Users\TeeJ\Documents\DiscoFunk - Vol 2.mp3

========== Files Created - No Company Name ==========

[2010/09/18 11:29:46 | 000,080,384 | ---- | C] () -- C:\Users\TeeJ\Desktop\MBRCheck.exe
[2010/09/05 14:45:11 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/30 12:54:26 | 122,343,998 | ---- | C] () -- C:\Users\TeeJ\Documents\DiscoFunk - Vol 2.mp3
[2010/08/14 06:46:40 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/07/25 01:39:29 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/17 12:20:09 | 000,075,776 | RHS- | C] () -- C:\Windows\System32\sqmapid.dll
[2010/04/11 20:03:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/23 12:57:35 | 000,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2010/03/19 12:04:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/18 10:17:20 | 000,112,270 | ---- | C] () -- C:\Users\TeeJ\AppData\Local\RAContactHistory.xml
[2010/03/17 08:42:33 | 000,087,608 | ---- | C] () -- C:\Users\TeeJ\AppData\Roaming\inst.exe
[2010/03/05 10:55:00 | 000,001,044 | ---- | C] () -- C:\Users\TeeJ\AppData\Roaming\vso_ts_preview.xml
[2010/03/05 10:47:10 | 000,000,033 | ---- | C] () -- C:\Users\TeeJ\AppData\Roaming\pcouffin.log
[2010/03/05 10:45:56 | 000,087,608 | ---- | C] () -- C:\Users\TeeJ\AppData\Roaming\ezpinst.exe
[2010/03/05 10:45:56 | 000,007,887 | ---- | C] () -- C:\Users\TeeJ\AppData\Roaming\pcouffin.cat
[2010/03/05 10:45:56 | 000,001,144 | ---- | C] () -- C:\Users\TeeJ\AppData\Roaming\pcouffin.inf
[2010/01/19 11:10:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/01/19 11:00:37 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/12/03 04:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2010/01/17 19:58:30 | 000,000,000 | ---D | M] -- C:\Users\TeeJ\AppData\Roaming\Ableton
[2010/09/15 19:43:38 | 000,000,000 | ---D | M] -- C:\Users\TeeJ\AppData\Roaming\BitTorrent
[2010/07/29 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\TeeJ\AppData\Roaming\LimeWire
[2010/02/17 10:37:59 | 000,000,000 | ---D | M] -- C:\Users\TeeJ\AppData\Roaming\OpenOffice.org
[2010/03/18 10:17:08 | 000,000,000 | ---D | M] -- C:\Users\TeeJ\AppData\Roaming\PeerNetworking
[2010/03/17 08:47:27 | 000,000,000 | ---D | M] -- C:\Users\TeeJ\AppData\Roaming\Samsung
[2010/09/19 09:16:59 | 000,000,000 | ---D | M] -- C:\Users\TeeJ\AppData\Roaming\Spotify
[2010/02/26 10:31:13 | 000,000,000 | ---D | M] -- C:\Users\TeeJ\AppData\Roaming\TeamViewer
[2010/09/15 07:42:33 | 000,000,000 | ---D | M] -- C:\Users\TeeJ\AppData\Roaming\Vso
[2010/09/15 08:19:43 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/08/01 01:00:11 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/07/14 05:53:46 | 000,021,196 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/18 08:39:36 | 000,000,308 | -HS- | M] () -- C:\Windows\Tasks\YWTXU.job

========== Purity Check ==========


< End of report >



OTL Extras logfile created on: 9/19/2010 9:59:00 AM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\TeeJ\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 8.03 Gb Free Space | 7.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEEJ-PC
Current User Name: TeeJ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\TeeJ\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.2.100
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D29159F-227D-45B9-BD70-94564CE259BD}" = O2InstV2Win7UpdateV1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"BitTorrent" = BitTorrent
"CDisplay_is1" = CDisplay 1.8
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Everything" = Everything 1.2.1.371
"FL Studio 9" = FL Studio 9
"Hardcore" = Hardcore
"HDMI" = Intel® Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"LimeWire" = LimeWire 5.5.8
"Live 8.0.1" = Live 8.0.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee SecurityCenter
"Native Instruments Beatport Sync" = Native Instruments Beatport Sync
"PoiZone" = PoiZone
"Sawer" = Sawer
"Spotify" = Spotify
"Steam App 34000" = Football Manager 2010
"TeamViewer 5" = TeamViewer 5
"Toxic Biohazard" = Toxic Biohazard
"TVWiz" = Intel® TV Wizard
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xilisoft iPhone Transfer" = Xilisoft iPhone Transfer
"Xilisoft iPod Manager" = Xilisoft iPod Rip
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2010 4:04:57 AM | Computer Name = TeeJ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2199

Error - 9/19/2010 4:04:59 AM | Computer Name = TeeJ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/19/2010 4:04:59 AM | Computer Name = TeeJ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3307

Error - 9/19/2010 4:04:59 AM | Computer Name = TeeJ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3307

Error - 9/19/2010 4:19:12 AM | Computer Name = TeeJ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/19/2010 4:19:12 AM | Computer Name = TeeJ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1513

Error - 9/19/2010 4:19:12 AM | Computer Name = TeeJ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1513

Error - 9/19/2010 4:44:01 AM | Computer Name = TeeJ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/19/2010 4:44:01 AM | Computer Name = TeeJ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1490605

Error - 9/19/2010 4:44:01 AM | Computer Name = TeeJ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1490605

[ Media Center Events ]
Error - 8/9/2010 1:45:34 AM | Computer Name = TeeJ-PC | Source = MCUpdate | ID = 0
Description = 06:45:34 - Error connecting to the internet. 06:45:34 - Unable
to contact server..

Error - 8/9/2010 1:46:32 AM | Computer Name = TeeJ-PC | Source = MCUpdate | ID = 0
Description = 06:46:21 - Error connecting to the internet. 06:46:21 - Unable
to contact server..

Error - 8/12/2010 3:28:51 PM | Computer Name = TeeJ-PC | Source = MCUpdate | ID = 0
Description = 20:28:51 - Error connecting to the internet. 20:28:51 - Unable
to contact server..

Error - 8/12/2010 3:29:43 PM | Computer Name = TeeJ-PC | Source = MCUpdate | ID = 0
Description = 20:29:38 - Error connecting to the internet. 20:29:38 - Unable
to contact server..

Error - 8/12/2010 4:30:34 PM | Computer Name = TeeJ-PC | Source = MCUpdate | ID = 0
Description = 21:30:34 - Error connecting to the internet. 21:30:34 - Unable
to contact server..

Error - 8/12/2010 4:31:24 PM | Computer Name = TeeJ-PC | Source = MCUpdate | ID = 0
Description = 21:31:21 - Error connecting to the internet. 21:31:21 - Unable
to contact server..

Error - 8/16/2010 2:39:07 AM | Computer Name = TeeJ-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

Error - 8/16/2010 2:43:50 AM | Computer Name = TeeJ-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

Error - 8/16/2010 2:27:25 PM | Computer Name = TeeJ-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

Error - 8/18/2010 4:31:30 PM | Computer Name = TeeJ-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543
Description =

[ System Events ]
Error - 8/12/2010 3:25:40 PM | Computer Name = TeeJ-PC | Source = DCOM | ID = 10010
Description =

Error - 8/13/2010 10:05:48 PM | Computer Name = TeeJ-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 03:03:20 on 14/08/2010 was unexpected.

Error - 8/13/2010 10:06:20 PM | Computer Name = TeeJ-PC | Source = BugCheck | ID = 1001
Description =

Error - 8/14/2010 1:43:32 PM | Computer Name = TeeJ-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (60000 milliseconds) was reached while waiting for a transaction
response from the TeamViewer5 service.

Error - 8/17/2010 1:55:01 PM | Computer Name = TeeJ-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (60000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/17/2010 1:55:01 PM | Computer Name = TeeJ-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (60000 milliseconds) was reached while waiting for a transaction
response from the TeamViewer5 service.

Error - 8/18/2010 2:22:14 PM | Computer Name = TeeJ-PC | Source = BROWSER | ID = 8032
Description =

Error - 8/21/2010 12:36:21 PM | Computer Name = TeeJ-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (60000 milliseconds) was reached while waiting for a transaction
response from the mcmscsvc service.

Error - 8/23/2010 12:20:40 PM | Computer Name = TeeJ-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (60000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/28/2010 9:36:05 PM | Computer Name = TeeJ-PC | Source = DCOM | ID = 10010
Description =


< End of report >


I followed your instructions on how to run the ARK, but every time I tried to run it, it would just hang when it says

"Scanning Windows registry...HKEY_LOCAL_MACHINE"

I don't know if it has anything to do with it, but when I tried to run it, before I hit start scan, the running processes box was greyed out, so I couldn't check or uncheck it.



#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:32 AM

Posted 21 September 2010 - 05:50 PM

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2010/09/18 08:39:36 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\YWTXU.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Which browser(s) are the redirects on?
m0le is a proud member of UNITE

#13 TeeJ76

TeeJ76
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 22 September 2010 - 12:17 AM

Here's the OTL log after running the fix:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\Tasks\YWTXU.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.12.1 log created on 09222010_061504


The redirects only seem to happen on IE8; Chrome is fine.

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:32 AM

Posted 22 September 2010 - 05:02 AM

Let's take a look at the registry and see what's been attached.

Open Notepad (go to Start > Run and type in Notepad and click OK).
Copy/paste the following text inside the code box into a new notepad document.

CODE
@ECHO OFF
REM Export the machine-wide and the per-user IE search provider keys to text files
regedit /e look1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
regedit /e look2.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes"
REM Join both exports into one log and open it in Notepad
Type look*.txt >log.txt
start log.txt
REM Remove the temporary exports and then the batch file itself
del look1.txt look2.txt
del %0
  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: look.bat
  • Save as type: All file types (*.*)
  • Click save
  • Close the Notepad.
  • Locate look.bat on the desktop.
  • Double click the icon or Right-click to run it as administrator if you have Vista or Windows 7.
  • A notepad opens, copy and paste the content (log.txt) to your reply.

m0le is a proud member of UNITE

#15 TeeJ76

TeeJ76
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 22 September 2010 - 01:11 PM

Here you go:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
"DisplayName"="@ieframe.dll,-12512"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{76D96666-1F51-4E5F-8390-22CC4E12970C}"
"DownloadRetries"=dword:00000000
"DownloadUpdates"=dword:00000001
"Version"=dword:00000002
"UpgradeTime"=hex:99,32,33,e9,bc,8f,ca,01

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}"
"FaviconURLFallback"="http://www.bing.com/favicon.ico"
"FaviconPath"="C:\\Users\\TeeJ\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"
"DisplayName"="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{76D96666-1F51-4E5F-8390-22CC4E12970C}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
"ShowSearchSuggestions"=dword:00000001
"SuggestionsURL"="http://clients5.google.com/complete/search?q={searchTerms}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
"OSDFileURL"="http://www.ieaddons.com/gb/DownloadHandler.ashx?ResourceId=813"
"FaviconURL"="http://www.google.com/favicon.ico"
"FaviconPath"="C:\\Users\\TeeJ\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{76D96666-1F51-4E5F-8390-22CC4E12970C}.ico"

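The export above is what look.bat produces, and reading it by eye is how the helper spots a hijacked search provider. As an added example that is not from the thread, from OTL or from look.bat, the following Python script parses Regedit 5.00 export text of exactly that shape and applies the checks a responder would do by hand: it reports a DefaultScope GUID that has no matching subkey, any scope whose URL or suggestions host is not one of the expected search engines, and whether the exefile open command is the stock `"%1" %*` value that the OTL `:reg` fix earlier in the thread restores. The sample export embedded in the script is constructed; its `{DEADBEEF-...}` and `{11111111-...}` GUIDs and the `search.example.invalid` host are placeholders, and `KNOWN_SEARCH_HOSTS` is an assumed allow-list, not something taken from the thread.

```python
"""Audit an IE SearchScopes export (the text look.bat produces) for search
hijacking.  Added example for this thread; not OTL's or look.bat's code.
Sample data, GUIDs and the rogue host below are constructed placeholders, and
KNOWN_SEARCH_HOSTS is an assumed allow-list."""
import re
from urllib.parse import urlparse

KNOWN_SEARCH_HOSTS = {"www.bing.com", "api.bing.com",
                      "www.google.com", "clients5.google.com"}

# value line: either the default value '@' or a quoted name, then '=' and data
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Parse Regedit 5.00 export text into {key_path: {value_name: value}}.
    Quoted strings are unescaped, dword: values become ints, anything else
    (hex:, expand strings, ...) is kept as the raw text after '='."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        data = m.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            value = _unescape(data[1:-1])
        elif data.startswith("dword:"):
            value = int(data[6:], 16)
        else:
            value = data
        keys[current][name] = value
    return keys


def _lookup(keys, path):
    """Registry paths are case-insensitive; exports mix SOFTWARE/Software."""
    return next((v for k, v in keys.items() if k.lower() == path.lower()), None)


def audit_search_scopes(keys, hive):
    """Return (finding_kind, detail) tuples for the SearchScopes key under hive."""
    base = hive + r"\Software\Microsoft\Internet Explorer\SearchScopes"
    parent = _lookup(keys, base)
    if parent is None:
        return [("missing-key", base)]
    findings = []
    scopes = {k: v for k, v in keys.items()
              if k.lower().startswith(base.lower() + "\\")}
    default = parent.get("DefaultScope")
    if default is None:
        findings.append(("no-default", base))
    elif (base + "\\" + default).lower() not in {k.lower() for k in scopes}:
        findings.append(("dangling-default", default))
    for path, vals in scopes.items():
        guid = path.rsplit("\\", 1)[1]
        for name in ("URL", "SuggestionsURL", "SuggestionsURLFallback"):
            url = vals.get(name)
            if not isinstance(url, str) or not url:
                continue
            host = urlparse(url).hostname or ""   # hostname is already lower-case
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("unknown-host", f"{guid} {name} {host}"))
    return findings


def exefile_command_is_stock(keys):
    """True when the exefile open command is the stock '"%1" %*' value."""
    vals = _lookup(keys, r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command")
    return vals is not None and vals.get("@") == '"%1" %*'


# Constructed sample: a stock exefile command, one healthy Google scope, one
# rogue scope that also calls itself "Google", and a DefaultScope pointing at
# a GUID that no longer exists.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{DEADBEEF-0000-0000-0000-000000000000}"
"Version"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{76D96666-1F51-4E5F-8390-22CC4E12970C}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7"
"FaviconPath"="C:\\Users\\TeeJ\\AppData\\LocalLow\\search.ico"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{11111111-2222-3333-4444-555555555555}]
"DisplayName"="Google"
"URL"="http://search.example.invalid/redirect?q={searchTerms}"
'''

if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_EXPORT)
    print("exefile command stock:", exefile_command_is_stock(parsed))
    for hive in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"):
        for kind, detail in audit_search_scopes(parsed, hive):
            print(f"[{hive}] {kind}: {detail}")
```

To run it against a real look.bat result, pass the contents of log.txt to `parse_reg` instead of `SAMPLE_EXPORT`; because log.txt concatenates two exports, the parser simply skips the second "Windows Registry Editor" header. A scope that names itself "Google" but resolves to an unknown host is exactly the pattern the DisplayName field alone would hide, which is why the audit keys on the URL host rather than the display name.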