scour.com redirect virus after windows recovery virus and other problems


  • This topic is locked
23 replies to this topic

#1 greta2011

  • Members
  • 15 posts

Posted 07 June 2011 - 09:36 AM

Had the Windows Recovery virus. I think it has been removed. Still have a redirect virus, can't get rid of it. There are some other issues I've been having with my PC as well: Windows Installer error messages for a program that was removed, can't download SP3, just to name a couple.

dds and gmer logs are as follows:
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 6:31:22 on 2000-02-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1280.661 [GMT -8:00]
.
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRunOnce: [BootExecute] c:\docume~1\owner\locals~1\temp\tempor~1.zip\ROOTKI~1.EXE /s /be
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\sesame.lnk - c:\sesame\program\sesame.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
Trusted Zone: ucdavis.edu
Trusted Zone: ucdavis.edu\sisweb
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2C290729-35F7-4084-AB02-DA507FEB4BE9} : DhcpNameServer = 192.168.1.1
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-24 206096]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-10-24 358736]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-10-24 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-10-24 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-24 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-24 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-24 40488]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2000-2-19 39984]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-24 34152]
.
=============== Created Last 30 ================
.
2011-04-18 15:00:31 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-04-17 04:38:15 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-04-17 04:38:15 215920 ----a-w- c:\windows\system32\muweb.dll
2011-04-17 04:38:15 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-04-17 01:23:43 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-04-17 01:23:37 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-04-12 02:23:34 -------- d-----w- c:\documents and settings\owner\application data\HpUpdate
2011-04-12 02:23:26 -------- d-----w- c:\windows\Hewlett-Packard
2011-04-12 00:30:20 -------- d-----w- c:\documents and settings\owner\local settings\application data\HP
2011-04-12 00:27:07 -------- d-----w- c:\documents and settings\all users\application data\WEBREG
2011-04-11 02:17:31 -------- d-----w- c:\program files\Yahoo!
2011-04-11 02:09:32 -------- d-----w- c:\program files\common files\HP
2011-04-11 02:08:56 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-04-11 01:56:56 -------- d-----w- c:\program files\HP
2011-04-11 01:55:21 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2011-04-11 01:54:39 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2011-04-11 01:50:34 312832 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp70v.dll
2011-04-11 01:50:34 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2011-04-11 01:50:33 452408 ----a-r- c:\windows\system32\hpzids01.dll
2011-04-11 01:49:33 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2011-04-06 21:51:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-04-06 19:52:34 445504 ----a-r- c:\windows\system32\vp6vfw.dll
2011-04-05 03:45:54 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2011-04-03 19:19:30 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2011-03-25 19:01:56 -------- d-----w- c:\windows\ie8updates
2011-03-23 03:02:54 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-03-23 03:02:53 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-03-23 03:02:19 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-03-23 03:01:26 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-03-23 03:01:07 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-23 02:59:07 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-03-23 02:59:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-03-23 02:59:02 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-23 02:52:34 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2011-03-23 01:59:45 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-03-23 01:22:00 -------- dc----w- c:\windows\ie8
2011-02-11 13:25:52 229888 ------w- c:\windows\system32\dllcache\fxscover.exe
2011-02-09 13:53:52 270848 ------w- c:\windows\system32\dllcache\sbe.dll
2011-02-09 13:53:52 186880 ------w- c:\windows\system32\dllcache\encdec.dll
2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\dllcache\lhmstscx.dll
2011-01-27 11:57:06 677888 ------w- c:\windows\system32\dllcache\lhmstsc.exe
2011-01-21 14:44:37 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-07 14:09:02 290432 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-12-09 14:30:22 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2010-11-18 18:12:44 81920 ------w- c:\windows\system32\dllcache\isign32.dll
2010-11-09 14:52:35 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2010-11-09 14:52:35 249856 ------w- c:\windows\system32\dllcache\odbc32.dll
2010-11-09 14:52:35 200704 ------w- c:\windows\system32\dllcache\msadox.dll
2010-11-09 14:52:35 180224 ------w- c:\windows\system32\dllcache\msadomd.dll
2010-11-09 14:52:35 143360 ------w- c:\windows\system32\dllcache\msadco.dll
2010-11-09 14:52:35 102400 ------w- c:\windows\system32\dllcache\msjro.dll
2010-08-27 05:57:43 99840 ------w- c:\windows\system32\dllcache\srvsvc.dll
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-16 12:05:55 1288192 ------w- c:\windows\system32\dllcache\ole32.dll
2010-06-18 17:45:17 293376 ------w- c:\windows\system32\dllcache\winsrv.dll
2010-04-16 15:36:56 406016 ------w- c:\windows\system32\dllcache\usp10.dll
2010-03-05 14:37:40 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-01-13 14:01:25 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2010-01-12 19:05:13 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-24 06:59:40 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2009-10-21 05:38:36 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-09-04 21:03:36 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-07-27 23:17:41 135168 ------w- c:\windows\system32\dllcache\shsvcs.dll
2009-07-21 08:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-17 19:01:06 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-07-17 16:22:18 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-07-13 17:08:14 286720 -c----w- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 17:08:12 5541888 ------w- c:\windows\system32\dllcache\wmp.dll
2009-06-29 16:12:14 18944 ----a-w- c:\windows\system32\dllcache\corpol.dll
2009-06-25 08:25:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 08:25:26 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 08:25:26 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-06-24 11:18:41 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 14:36:30 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-06-10 16:19:38 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 14:13:29 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 06:14:49 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-05-22 02:58:14 287256 ----a-r- c:\windows\system32\AbaleZip.dll
2009-05-07 15:32:35 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-04-20 17:17:26 45568 ------w- c:\windows\system32\dllcache\dnsrslvr.dll
2009-04-16 19:32:30 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-04-16 19:32:29 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-04-16 19:32:29 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-04-16 19:32:28 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-04-16 19:32:28 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 19:32:28 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 19:32:27 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 19:32:26 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-04-16 19:32:26 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-04-16 19:31:38 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-04-16 19:31:36 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-04-15 14:51:25 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-10 08:01:38 413032 ----a-w- c:\windows\system32\wmspdmod.dll
2009-04-10 08:01:38 413032 ----a-w- c:\windows\system32\dllcache\wmspdmod.dll
2009-03-21 14:06:58 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll
2009-03-08 21:22:30 49152 ------w- c:\windows\system32\msrating.dll.mui
2009-03-08 21:22:18 2560 ------w- c:\windows\system32\mshta.exe.mui
2009-03-08 21:21:06 4096 ------w- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 21:20:54 81920 ------w- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 11:35:32 743424 ------w- c:\program files\internet explorer\iedvtool.dll
2009-03-08 11:35:12 233984 ------w- c:\program files\internet explorer\jsprofilerui.dll
2009-03-08 11:35:04 2048 ------w- c:\program files\internet explorer\iecompat.dll
2009-03-08 11:35:04 144384 ------w- c:\program files\internet explorer\ExtExport.exe
2009-03-08 11:35:04 118272 ------w- c:\program files\internet explorer\JSProfilerCore.dll
2009-03-08 11:35:02 521216 ------w- c:\program files\internet explorer\jsdbgui.dll
2009-03-08 11:35:02 121344 ------w- c:\program files\internet explorer\jsdebuggeride.dll
2009-03-08 11:33:18 12800 ----a-w- c:\program files\internet explorer\xpshims.dll
2009-02-03 19:59:07 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-01-27 01:20:57 -------- d-----w- c:\documents and settings\owner\application data\Unity
2009-01-27 01:14:29 -------- d-----w- c:\documents and settings\owner\local settings\application data\Unity
2009-01-27 01:14:22 -------- d-----w- c:\program files\Unity
2009-01-08 01:20:54 134144 ------w- c:\windows\system32\dllcache\sqmapi.dll
2009-01-08 01:20:54 134144 ------w- c:\program files\internet explorer\sqmapi.dll
2009-01-08 01:20:52 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-01-08 01:20:52 1497088 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-01-08 01:20:52 1022976 ------w- c:\windows\system32\dllcache\browseui.dll
2009-01-08 01:20:18 355832 ------w- c:\program files\internet explorer\pdm.dll
2009-01-08 01:20:18 265720 ----a-w- c:\windows\system32\msdbg2.dll
2008-12-16 12:30:34 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2008-12-05 06:54:55 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2008-12-04 03:05:50 20480 ----a-w- c:\windows\system32\hpzisn12.dll
2008-12-04 03:05:46 29696 ----a-w- c:\windows\system32\hpzipt12.dll
2008-12-04 03:05:44 33792 ----a-w- c:\windows\system32\HPZipr12.dll
2008-12-04 03:05:42 53760 ----a-w- c:\windows\system32\HPZipm12.dll
2008-12-04 03:05:36 49152 ----a-w- c:\windows\system32\HPZidr12.dll
2008-12-04 03:05:32 44544 ----a-w- c:\windows\system32\HPZinw12.dll
2008-11-25 22:17:01 -------- d-----w- c:\documents and settings\owner\local settings\application data\RadonLabs
2008-11-25 22:16:28 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2008-11-12 07:38:45 455936 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 07:38:25 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2008-10-27 17:58:27 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2008-10-27 17:57:55 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2008-10-27 17:57:51 692736 ------w- c:\windows\system32\dllcache\inetcomm.dll
2008-10-27 17:57:28 -------- d-----w- c:\windows\$hf_mig$
2008-10-27 16:49:49 -------- d-----w- c:\windows\system32\scripting
2008-10-27 16:49:35 -------- d-----w- c:\windows\l2schemas
2008-10-27 16:49:30 -------- d-----w- c:\windows\system32\en
2008-10-27 16:25:56 -------- d-----w- c:\windows\EHome
2008-10-24 20:59:09 -------- d-----w- c:\program files\SiteAdvisor
2008-10-24 20:42:02 40488 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2008-10-24 20:42:00 35240 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2008-10-24 20:41:59 79240 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2008-10-24 20:41:33 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2008-10-24 20:34:47 276992 -c----w- c:\windows\system32\wmphoto.dll
2008-10-24 20:34:24 69120 -c----w- c:\windows\system32\wlanapi.dll
2008-10-24 20:34:24 69120 ----a-w- c:\windows\system32\dllcache\wlanapi.dll
2008-10-24 20:34:07 712704 -c----w- c:\windows\system32\windowscodecs.dll
2008-10-24 20:34:07 346112 -c----w- c:\windows\system32\windowscodecsext.dll
2008-10-24 20:33:00 50688 -c----w- c:\windows\system32\tspkg.dll
2008-10-24 20:33:00 50688 ----a-w- c:\windows\system32\dllcache\tspkg.dll
2008-10-24 20:32:58 53248 -c----w- c:\windows\system32\tsgqec.dll
2008-10-24 20:32:58 53248 ----a-w- c:\windows\system32\dllcache\tsgqec.dll
2008-10-24 20:32:39 173568 ----a-w- c:\windows\system32\dllcache\sysmoda.dll
2008-10-24 20:32:07 576512 ----a-w- c:\windows\system32\dllcache\sprc0424.dll
2008-10-24 20:32:06 577536 ----a-w- c:\windows\system32\dllcache\sprc041b.dll
2008-10-24 20:31:20 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2008-10-24 20:31:17 32768 -c----w- c:\windows\system32\setupn.exe
2008-10-24 20:31:17 32768 ----a-w- c:\windows\system32\dllcache\setupn.exe
2008-10-24 20:31:08 199680 ----a-w- c:\windows\system32\dllcache\scripta.dll
2008-10-24 20:30:48 290304 -c----w- c:\windows\system32\rhttpaa.dll
2008-10-24 20:30:48 290304 ----a-w- c:\windows\system32\dllcache\rhttpaa.dll
2008-10-24 20:30:38 61952 ------w- c:\windows\system32\rasqec.dll
2008-10-24 20:30:32 76800 ------w- c:\windows\system32\qutil.dll
2008-10-24 20:30:21 62464 -c----w- c:\windows\system32\qcliprov.dll
2008-10-24 20:30:21 62464 ----a-w- c:\windows\system32\dllcache\qcliprov.dll
2008-10-24 20:30:19 291328 ------w- c:\windows\system32\qagentrt.dll
2008-10-24 20:30:19 150528 -c----w- c:\windows\system32\qagent.dll
2008-10-24 20:30:19 150528 ----a-w- c:\windows\system32\dllcache\qagent.dll
2008-10-24 20:30:04 412160 -c----w- c:\windows\system32\photometadatahandler.dll
2008-10-24 20:30:01 -------- d-----w- c:\program files\common files\McAfee
2008-10-24 20:29:40 144384 ------w- c:\windows\system32\onex.dll
2008-10-24 20:29:25 -------- d-----w- c:\program files\McAfee.com
2008-10-24 20:28:21 176640 -c----w- c:\windows\system32\napstat.exe
2008-10-24 20:28:21 176640 ----a-w- c:\windows\system32\dllcache\napstat.exe
2008-10-24 20:28:20 30208 -c----w- c:\windows\system32\napipsec.dll
2008-10-24 20:28:20 30208 ----a-w- c:\windows\system32\dllcache\napipsec.dll
2008-10-24 20:28:20 193024 -c----w- c:\windows\system32\napmontr.dll
2008-10-24 20:28:20 193024 ----a-w- c:\windows\system32\dllcache\napmontr.dll
2008-10-24 20:28:13 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2008-10-24 20:28:13 79872 ------w- c:\windows\system32\msxml6r.dll
2008-10-24 20:28:12 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2008-10-24 20:28:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2008-10-24 20:28:03 -------- d-----w- c:\program files\McAfee
2008-10-24 20:27:55 76800 -c----w- c:\windows\system32\msshavmsg.dll
2008-10-24 20:27:55 76800 ----a-w- c:\windows\system32\dllcache\msshamsg.dll
2008-10-24 20:27:55 155136 -c----w- c:\windows\system32\mssha.dll
2008-10-24 20:27:55 155136 ----a-w- c:\windows\system32\dllcache\mssha.dll
2008-10-24 20:27:26 34152 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2008-10-24 20:26:48 397312 -c----w- c:\windows\system32\mmcex.dll
2008-10-24 20:26:48 397312 ----a-w- c:\windows\system32\dllcache\mmcex.dll
2008-10-24 20:26:48 33792 -c----w- c:\windows\system32\mmcperf.exe
2008-10-24 20:26:48 33792 ----a-w- c:\windows\system32\dllcache\mmcperf.exe
2008-10-24 20:26:48 106496 -c----w- c:\windows\system32\mmcfxcommon.dll
2008-10-24 20:26:48 106496 ----a-w- c:\windows\system32\dllcache\Mmcfxc.dll
2008-10-24 20:26:46 184320 -c----w- c:\windows\system32\microsoft.managementconsole.dll
2008-10-24 20:26:46 184320 ----a-w- c:\windows\system32\dllcache\mmc30.dll
2008-10-24 20:26:45 241152 ----a-w- c:\windows\system32\dllcache\migwiza.exe
2008-10-24 20:26:43 261120 ----a-w- c:\windows\system32\dllcache\migisma.dll
2008-10-24 20:25:23 37376 -c----w- c:\windows\system32\l2gpstore.dll
2008-10-24 20:25:23 37376 ----a-w- c:\windows\system32\dllcache\l2store.dll
2008-10-24 20:25:21 61440 ------w- c:\windows\system32\kmsvc.dll
2008-10-24 20:25:19 6144 -c----w- c:\windows\system32\kbdpash.dll
2008-10-24 20:25:19 6144 -c----w- c:\windows\system32\kbdnepr.dll
2008-10-24 20:25:19 6144 ----a-w- c:\windows\system32\dllcache\kbdpash.dll
2008-10-24 20:25:19 6144 ----a-w- c:\windows\system32\dllcache\kbdnepr.dll
2008-10-24 20:25:18 6144 -c----w- c:\windows\system32\kbdiultn.dll
2008-10-24 20:25:18 6144 -c----w- c:\windows\system32\kbdbhc.dll
2008-10-24 20:25:18 6144 ----a-w- c:\windows\system32\dllcache\kbdiultn.dll
2008-10-24 20:25:18 6144 ----a-w- c:\windows\system32\dllcache\kbdbhc.dll
2008-10-24 20:23:48 9216 ------w- c:\windows\system32\dot3dlg.dll
2008-10-24 20:22:42 136192 ------w- c:\windows\system32\aaclient.dll
2008-10-24 04:19:09 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 12:36:14 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2008-10-22 20:44:24 -------- d-----w- c:\documents and settings\owner\application data\McAfee
2008-10-16 00:02:06 357888 ------w- c:\windows\system32\dllcache\srv.sys
2008-10-16 00:00:42 1857920 ------w- c:\windows\system32\dllcache\win32k.sys
2008-10-16 00:00:29 2148864 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 00:00:24 2192768 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 00:00:18 2027008 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 00:00:12 2069376 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-08 23:17:33 -------- d-----w- c:\windows\system32\Adobe
2008-08-12 20:02:41 -------- d-----w- c:\documents and settings\owner\.housecall6.6
2008-07-07 20:26:58 253952 -c----w- c:\windows\system32\dllcache\es.dll
2008-06-27 13:08:40 207656 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2008-06-24 16:43:16 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2008-06-20 19:24:27 1409 -c--a-w- c:\windows\QTFont.for
2008-06-20 17:46:57 245248 ------w- c:\windows\system32\dllcache\mswsock.dll
2008-06-20 17:46:57 149504 ------w- c:\windows\system32\dllcache\dnsapi.dll
2008-06-20 11:51:12 361600 ------w- c:\windows\system32\dllcache\tcpip.sys
2008-06-20 11:40:08 138496 ------w- c:\windows\system32\dllcache\afd.sys
2008-06-20 11:08:27 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2008-06-17 19:02:19 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2008-06-12 14:23:32 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2008-05-09 10:53:40 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2008-05-09 10:53:40 420864 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2008-05-09 10:53:40 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2008-05-09 10:53:39 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2008-05-09 10:53:39 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2008-05-07 05:12:40 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2008-05-06 18:51:26 -------- d-----r- c:\documents and settings\owner\application data\Brother
2008-04-03 23:34:09 -------- d-----w- c:\documents and settings\owner\local settings\application data\MigWiz
2008-03-19 00:06:58 -------- d-----w- c:\documents and settings\all users\application data\Brother
2008-03-05 04:45:04 7680 ----a-w- c:\windows\system32\hpboidps.dll
2008-03-05 04:45:00 25600 ----a-w- c:\windows\system32\hpboid.dll
2008-03-05 04:44:58 39936 ----a-w- c:\windows\system32\hpbpro.dll
2008-03-05 04:44:52 24576 ----a-w- c:\windows\system32\hpbmiapi.dll
2008-03-05 04:44:50 7680 ----a-w- c:\windows\system32\hpbprops.dll
2008-01-04 18:09:39 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2007-12-28 19:29:04 -------- d-----w- c:\program files\common files\Laplink
2007-12-28 19:23:23 -------- d-----w- c:\documents and settings\owner\local settings\application data\Downloaded Installations
2007-12-28 19:15:58 -------- d-----w- c:\documents and settings\owner\application data\Spearit
2007-12-28 19:15:58 -------- d-----w- c:\documents and settings\all users\application data\Spearit
2007-12-28 19:05:32 581192 -c--a-w- c:\windows\system32\WinusbCoInstaller.dll
2007-12-28 19:05:31 1419232 -c--a-w- c:\windows\system32\WdfCoInstaller01005.dll
2007-12-28 19:04:11 -------- d-----w- c:\program files\Microsoft
2007-11-13 16:29:32 -------- d-----w- c:\program files\Viewpoint
2007-09-24 15:31:15 -------- d-----w- c:\documents and settings\owner\local settings\application data\Apple
2007-08-20 10:04:34 59904 ----a-w- c:\windows\system32\dllcache\icardie.dll
2007-06-25 16:34:42 -------- d-----w- c:\documents and settings\owner\.java
2007-06-06 15:14:26 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2007-06-06 15:14:26 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2007-06-06 15:14:26 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2007-06-06 15:14:26 15064 -c--a-w- c:\windows\system32\wuapi.dll.mui
2007-05-11 05:52:34 95864 -c--a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2007-05-09 02:27:30 1991680 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2007-05-09 02:27:29 445952 ----a-w- c:\windows\system32\dllcache\ieapfltr.dll
2007-05-09 02:27:29 3698584 ----a-w- c:\windows\system32\dllcache\ieapfltr.dat
2007-05-09 02:27:28 602112 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2007-05-09 02:27:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2007-05-09 02:27:27 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2007-05-09 02:27:26 11080704 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2007-04-24 17:33:00 114688 ----a-w- c:\windows\system32\hplbdchn.dll
2007-04-13 17:30:43 33592 -c--a-w- c:\windows\system32\drivers\atwpkt264.sys
2007-04-13 17:30:39 25136 ----a-w- c:\windows\system32\drivers\atwpkt2.sys
2007-03-02 17:16:37 16384 -c--a-r- c:\documents and settings\owner\application data\microsoft\installer\{d085a1b6-90a4-11d3-82b7-00c04fa309de}\MnyIco.exe
2007-02-06 00:52:35 -------- d-----w- c:\documents and settings\owner\application data\Intuit
2007-02-06 00:49:54 -------- d-----w- c:\documents and settings\all users\application data\Intuit
2007-02-06 00:48:53 -------- d-----w- c:\program files\common files\Intuit
2003-08-14 02:04:56 79872 ----a-w- c:\windows\system32\raschap.dll
2003-08-14 01:56:35 409088 ----a-w- c:\windows\system32\qmgr.dll
2003-08-14 01:55:55 562176 -c--a-w- c:\windows\system32\qedit.dll
2003-08-14 01:55:55 562176 ----a-w- c:\windows\system32\dllcache\qedit.dll
2003-08-14 01:54:16 386048 -c--a-w- c:\windows\system32\qdvd.dll
2003-08-14 01:54:16 386048 ----a-w- c:\windows\system32\dllcache\qdvd.dll
2003-08-14 01:52:28 192512 -c--a-w- c:\windows\system32\qcap.dll
2003-08-14 01:52:28 192512 ----a-w- c:\windows\system32\dllcache\qcap.dll
2003-08-14 01:50:01 96768 ----a-w- c:\windows\system32\psbase.dll
2003-08-14 01:49:37 23040 ----a-w- c:\windows\system32\psapi.dll
2003-08-14 01:49:11 81920 -c--a-w- c:\windows\system32\proctexe.ocx
2003-08-14 01:46:45 17920 -c--a-w- c:\windows\system32\ping.exe
2003-08-14 01:46:45 17920 ----a-w- c:\windows\system32\dllcache\ping.exe
2003-08-14 01:46:42 35328 -c--a-w- c:\windows\system32\pid.dll
2003-08-14 01:46:42 35328 ----a-w- c:\windows\system32\dllcache\pid.dll
2003-08-14 01:45:11 284160 ----a-w- c:\windows\system32\pdh.dll
2003-08-14 01:43:07 67584 -c--a-w- c:\windows\system32\pautoenr.dll
2003-08-14 01:43:07 67584 ----a-w- c:\windows\system32\dllcache\pautoenr.dll
2003-08-14 01:42:43 58368 -c--a-w- c:\windows\system32\packager.exe
2003-08-14 01:42:43 58368 ----a-w- c:\windows\system32\dllcache\packager.exe
2003-08-14 01:40:59 713728 -c--a-w- c:\windows\system32\opengl32.dll
2003-08-14 01:40:59 713728 ----a-w- c:\windows\system32\dllcache\opengl32.dll
2003-08-14 01:39:36 51200 ----a-w- c:\windows\system32\dllcache\oobebaln.exe
2003-08-14 01:39:27 107008 ----a-w- c:\windows\system32\oleprn.dll
2003-08-14 01:32:42 192000 ----a-w- c:\windows\system32\offfilt.dll
2003-08-14 01:32:22 147456 -c--a-w- c:\windows\system32\odbctrac.dll
2003-08-14 01:32:22 147456 ----a-w- c:\windows\system32\dllcache\odbctrac.dll
2003-08-14 01:32:10 12288 -c--a-w- c:\windows\system32\odbcp32r.dll
2003-08-14 01:32:10 12288 ----a-w- c:\windows\system32\dllcache\odbcp32r.dll
2003-08-14 01:32:09 65536 -c--a-w- c:\windows\system32\odbccu32.dll
2003-08-14 01:32:09 65536 ----a-w- c:\windows\system32\dllcache\odbccu32.dll
2003-08-14 01:32:01 65536 -c--a-w- c:\windows\system32\odbccr32.dll
2003-08-14 01:32:01 65536 ----a-w- c:\windows\system32\dllcache\odbccr32.dll
2003-08-14 01:31:39 69632 -c--a-w- c:\windows\system32\odbcconf.exe
2003-08-14 01:31:39 69632 ----a-w- c:\windows\system32\dllcache\odbcconf.exe
2003-08-14 01:31:30 135168 -c--a-w- c:\windows\system32\odbcconf.dll
2003-08-14 01:31:30 135168 ----a-w- c:\windows\system32\dllcache\odbcconf.dll
2003-08-14 01:31:09 32768 -c--a-w- c:\windows\system32\odbcad32.exe
2003-08-14 01:31:09 32768 ----a-w- c:\windows\system32\dllcache\odbcad32.exe
2003-08-14 01:31:07 16384 -c--a-w- c:\windows\system32\odbc32gt.dll
2003-08-14 01:31:07 16384 ----a-w- c:\windows\system32\dllcache\odbc32gt.dll
2003-08-14 01:30:28 270336 ----a-w- c:\windows\system32\oakley.dll
2003-08-14 01:29:35 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2003-08-14 01:27:53 4274816 ----a-w- c:\windows\system32\nv4_disp.dll
2003-08-14 01:22:12 143360 ----a-w- c:\windows\system32\ntshrui.dll
2003-08-14 01:14:40 435200 ----a-w- c:\windows\system32\ntmssvc.dll
2003-08-14 01:13:37 179200 -c--a-w- c:\windows\system32\ntmsdba.dll
2003-08-14 01:13:37 179200 ----a-w- c:\windows\system32\dllcache\ntmsdba.dll
2003-08-14 01:13:16 40960 -c--a-w- c:\windows\system32\ntmsapi.dll
2003-08-14 01:13:16 40960 ----a-w- c:\windows\system32\dllcache\ntmsapi.dll
2003-08-14 01:13:11 118784 ----a-w- c:\windows\system32\ntmarta.dll
2003-08-14 01:12:05 44032 ----a-w- c:\windows\system32\ntlanman.dll
2003-08-14 00:50:48 54784 -c--a-w- c:\windows\system32\npptools.dll
2003-08-14 00:50:48 54784 ----a-w- c:\windows\system32\dllcache\npptools.dll
2003-08-14 00:50:29 15360 ----a-w- c:\windows\system32\dllcache\nppagent.exe
2003-08-14 00:50:27 364544 -c--a-w- c:\program files\windows media player\npdsplay.dll
2003-08-14 00:50:27 364544 ----a-w- c:\windows\system32\dllcache\npdsplay.dll
2003-08-14 00:49:18 188416 ----a-w- c:\program files\netmeeting\nmwb.dll
2003-08-14 00:48:51 172032 -c--a-w- c:\program files\netmeeting\nmoldwb.dll
2003-08-14 00:48:51 172032 ----a-w- c:\windows\system32\dllcache\nmoldwb.dll
2003-08-14 00:48:21 28672 -c--a-w- c:\windows\system32\nmmkcert.dll
2003-08-14 00:48:21 28672 ----a-w- c:\windows\system32\dllcache\nmmkcert.dll
2003-08-14 00:48:18 151552 -c--a-w- c:\program files\netmeeting\nmft.dll
2003-08-14 00:48:18 151552 ----a-w- c:\windows\system32\dllcache\nmft.dll
2003-08-14 00:47:44 81920 -c--a-w- c:\program files\netmeeting\nmchat.dll
2003-08-14 00:47:44 81920 ----a-w- c:\windows\system32\dllcache\nmchat.dll
2003-08-14 00:47:34 28672 -c--a-w- c:\program files\netmeeting\nmasnt.dll
2003-08-14 00:47:34 28672 ----a-w- c:\windows\system32\dllcache\nmasnt.dll
2003-08-14 00:47:32 229376 -c--a-w- c:\program files\netmeeting\nmas.dll
2003-08-14 00:47:32 229376 ----a-w- c:\windows\system32\dllcache\nmas.dll
2003-08-14 00:46:46 98304 ----a-w- c:\windows\system32\nlhtml.dll
2003-08-14 00:45:44 187392 ------w- c:\windows\system32\xpsp1res.dll
2003-08-14 00:45:25 1677312 -c----w- c:\windows\system32\wmvcore2.dll
2003-08-14 00:40:58 1647616 ------w- c:\windows\system32\winbrand.dll
2003-08-14 00:40:33 14208 ------w- c:\windows\system32\drivers\wacompen.sys
2003-08-14 00:40:26 30208 ------w- c:\windows\system32\drivers\usbehci.sys
2003-08-14 00:40:22 62976 ----a-w- c:\windows\system32\dllcache\spgrmr.dll
2003-08-14 00:39:00 159232 -c----w- c:\windows\system32\sbeio.dll
2003-08-14 00:39:00 159232 ----a-w- c:\windows\system32\dllcache\sbeio.dll
2003-08-14 00:38:42 270848 ------w- c:\windows\system32\sbe.dll
2003-08-14 00:36:58 12672 ------w- c:\windows\system32\drivers\mutohpen.sys
2003-08-14 00:36:56 134656 -c----w- c:\windows\system32\mssap.dll
2003-08-14 00:36:56 134656 ----a-w- c:\windows\system32\dllcache\mssap.dll
2003-08-14 00:34:52 177152 ----a-w- c:\windows\system32\msctfime.ime
2003-08-14 00:33:38 19200 ------w- c:\windows\system32\drivers\hidir.sys
2003-08-14 00:33:37 7168 -c----w- c:\windows\system32\hccoin.dll
2003-08-14 00:33:37 7168 ----a-w- c:\windows\system32\dllcache\hccoin.dll
2003-08-14 00:33:29 20992 -c----w- c:\windows\system32\faxpatch.exe
2003-08-14 00:33:25 186880 ------w- c:\windows\system32\encdec.dll
2003-08-14 00:33:00 20480 -c----w- c:\windows\system32\encapi.dll
2003-08-14 00:33:00 20480 ----a-w- c:\windows\system32\dllcache\encapi.dll
2003-08-14 00:31:59 14336 -c--a-w- c:\windows\system32\dllcache\atinpdxx.sys
2003-08-14 00:31:59 14336 -c----w- c:\windows\system32\drivers\atinpdxx.sys
2003-08-14 00:31:57 13824 -c--a-w- c:\windows\system32\dllcache\atinmdxx.sys
2003-08-14 00:31:57 13824 -c----w- c:\windows\system32\drivers\atinmdxx.sys
2003-08-14 00:31:54 57856 -c--a-w- c:\windows\system32\dllcache\atinbtxx.sys
2003-08-14 00:31:54 57856 -c----w- c:\windows\system32\drivers\atinbtxx.sys
2003-08-14 00:31:42 1057760 -c----w- c:\windows\system32\ati3d2ag.dll
2003-08-14 00:29:31 870784 -c----w- c:\windows\system32\ati3d1ag.dll
2003-08-14 00:29:31 870784 ----a-w- c:\windows\system32\dllcache\ati3d1ag.dll
2003-08-14 00:27:37 701440 -c--a-w- c:\windows\system32\dllcache\ati2mtag.sys
2003-08-14 00:27:37 701440 -c----w- c:\windows\system32\drivers\ati2mtag.sys
2003-08-14 00:26:25 327040 -c--a-w- c:\windows\system32\dllcache\ati2mtaa.sys
2003-08-14 00:26:25 327040 -c----w- c:\windows\system32\drivers\ati2mtaa.sys
2003-08-14 00:25:31 201728 -c----w- c:\windows\system32\ati2dvag.dll
2003-08-14 00:25:31 201728 ----a-w- c:\windows\system32\dllcache\ati2dvag.dll
2003-08-14 00:24:56 377984 -c----w- c:\windows\system32\ati2dvaa.dll
2003-08-14 00:24:56 377984 ----a-w- c:\windows\system32\dllcache\ati2dvaa.dll
2003-08-14 00:22:08 1703936 ----a-w- c:\windows\system32\netshell.dll
2003-08-14 00:19:40 329728 -c--a-w- c:\windows\system32\netsetup.exe
2003-08-14 00:19:40 329728 ----a-w- c:\windows\system32\dllcache\netsetup.exe
2003-08-14 00:17:41 875008 ----a-w- c:\windows\system32\netplwiz.dll
2003-08-14 00:16:22 198144 ----a-w- c:\windows\system32\netman.dll
2003-08-14 00:15:49 407040 ----a-w- c:\windows\system32\netlogon.dll
2003-08-14 00:14:30 622592 ----a-w- c:\windows\system32\netcfgx.dll
2003-08-14 00:11:31 124928 -c--a-w- c:\windows\system32\net1.exe
2003-08-14 00:11:31 124928 ----a-w- c:\windows\system32\dllcache\net1.exe
2003-08-14 00:11:11 42496 -c--a-w- c:\windows\system32\net.exe
2003-08-14 00:11:11 42496 ----a-w- c:\windows\system32\dllcache\net.exe
2003-08-14 00:10:27 57344 ----a-w- c:\windows\system32\dllcache\ndisnpp.dll
2003-08-14 00:09:31 47104 ----a-w- c:\windows\system32\wbem\ncprov.dll
2003-08-14 00:09:19 36352 ----a-w- c:\windows\system32\ncobjapi.dll
2003-08-14 00:09:11 221184 -c--a-w- c:\program files\netmeeting\nac.dll
2003-08-14 00:09:11 221184 ----a-w- c:\windows\system32\dllcache\nac.dll
2003-08-14 00:06:54 1172480 ----a-w- c:\windows\system32\msxml3.dll
2003-08-14 00:04:01 701440 ----a-w- c:\windows\system32\msxml2.dll
2003-08-14 00:01:33 24576 -c--a-w- c:\program files\common files\system\ole db\msxactps.dll
2003-08-14 00:01:33 24576 ----a-w- c:\windows\system32\dllcache\msxactps.dll
2003-08-14 00:01:28 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2003-08-14 00:01:28 204800 ----a-w- c:\windows\system32\dllcache\mswebdvd.dll
2003-08-14 00:01:01 1428992 ----a-w- c:\windows\system32\msvidctl.dll
2003-08-13 23:58:54 121344 ----a-w- c:\windows\system32\msvfw32.dll
2003-08-13 23:58:35 343040 ----a-w- c:\windows\system32\msvcrt.dll
2003-08-13 23:57:43 413696 ----a-w- c:\windows\system32\msvcp60.dll
2003-08-13 23:56:35 195072 ----a-w- c:\windows\system32\msutb.dll
2003-08-13 23:56:04 241725 -c--a-w- c:\windows\system32\msuni11.dll
2003-08-13 23:55:38 2067456 ----a-w- c:\windows\system32\mstscax.dll
2003-08-13 23:53:49 677888 ----a-w- c:\windows\system32\mstsc.exe
2003-08-13 23:50:29 57344 -c--a-w- c:\program files\netmeeting\mst123.dll
2003-08-13 23:50:29 57344 ----a-w- c:\windows\system32\dllcache\mst123.dll
2003-08-13 23:49:41 110592 ----a-w- c:\windows\system32\msscript.ocx
2003-08-13 23:48:51 69632 -c--a-w- c:\windows\system32\msscds32.ax
2003-08-13 23:48:36 11264 ----a-w- c:\windows\system32\msrle32.dll
2003-08-13 23:40:13 143360 -c--a-w- c:\windows\system32\msorcl32.dll
2003-08-13 23:40:13 143360 ----a-w- c:\windows\system32\dllcache\msorcl32.dll
2003-08-13 23:35:41 565248 ----a-w- c:\windows\system32\dllcache\msobmain.dll
2003-08-13 23:35:04 122368 ----a-w- c:\windows\system32\dllcache\msobcomm.dll
2003-08-13 23:34:38 290816 ----a-w- c:\windows\system32\msnsspc.dll
2003-08-13 23:22:12 69663 -c--a-w- c:\program files\messenger\msmsgsin.exe
2003-08-13 23:21:55 1695232 ----a-w- c:\program files\messenger\msmsgs.exe
2003-08-13 23:15:39 25088 -c--a-w- c:\windows\system32\mslbui.dll
2003-08-13 23:15:39 25088 ----a-w- c:\windows\system32\dllcache\mslbui.dll
2003-08-13 23:14:50 102400 ----a-w- c:\program files\common files\system\ado\msjro.dll
2003-08-13 23:10:08 368710 -c--a-w- c:\windows\system32\msisam11.dll
2003-08-13 23:09:08 159232 ----a-w- c:\windows\system32\msimtf.dll
2003-08-13 23:08:31 4608 ----a-w- c:\windows\system32\msimg32.dll
2003-08-13 23:08:12 271360 ----a-w- c:\windows\system32\msihnd.dll
2003-08-13 23:07:25 78848 ----a-w- c:\windows\system32\msiexec.exe
2003-08-13 23:07:14 248832 ----a-w- c:\windows\system32\msieftp.dll
2003-08-13 23:06:43 2843136 ----a-w- c:\windows\system32\msi.dll
2003-08-13 23:03:04 48128 ----a-w- c:\windows\system32\mshtmler.dll
2003-08-13 23:03:04 48128 ----a-w- c:\windows\system32\dllcache\mshtmler.dll
2003-08-13 23:01:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2003-08-13 22:52:33 294912 ----a-w- c:\windows\system32\msh263.drv
2003-08-13 22:52:00 188416 ----a-w- c:\windows\system32\msh261.drv
2003-08-13 22:51:37 180224 -c--a-w- c:\program files\messenger\msgslang.dll
2003-08-13 22:51:16 83968 -c--a-w- c:\program files\messenger\msgsc.dll
2003-08-13 22:47:30 4126 -c--a-w- c:\windows\system32\msdxmlc.dll
2003-08-13 22:47:30 4126 ----a-w- c:\windows\system32\dllcache\msdxmlc.dll
2003-08-13 22:44:23 36864 -c--a-w- c:\program files\common files\system\msadc\msdfmap.dll
2003-08-13 22:44:23 36864 ----a-w- c:\windows\system32\dllcache\msdfmap.dll
2003-08-13 22:44:04 4096 -c--a-w- c:\program files\common files\system\ole db\msdaurl.dll
2003-08-13 22:44:04 4096 ----a-w- c:\windows\system32\dllcache\msdaurl.dll
2003-08-13 22:43:59 20480 -c--a-w- c:\program files\common files\system\ole db\msdatt.dll
2003-08-13 22:43:59 20480 ----a-w- c:\windows\system32\dllcache\msdatt.dll
2003-08-13 22:43:59 12288 -c--a-w- c:\windows\system32\msdatsrc.tlb
2003-08-13 22:43:55 94208 -c--a-w- c:\program files\common files\system\ole db\msdatl3.dll
2003-08-13 22:43:55 94208 ----a-w- c:\windows\system32\dllcache\msdatl3.dll
2003-08-13 22:43:43 315392 -c--a-w- c:\program files\common files\system\ole db\msdasql.dll
2003-08-13 22:43:43 315392 ----a-w- c:\windows\system32\dllcache\msdasql.dll
2003-08-13 22:42:45 4096 -c--a-w- c:\program files\common files\system\ole db\msdasc.dll
2003-08-13 22:42:45 4096 ----a-w- c:\windows\system32\dllcache\msdasc.dll
2003-08-13 22:42:24 118784 -c--a-w- c:\program files\common files\system\msadc\msdarem.dll
2003-08-13 22:42:24 118784 ----a-w- c:\windows\system32\dllcache\msdarem.dll
2003-08-13 22:42:01 204800 -c--a-w- c:\program files\common files\system\ole db\msdaps.dll
2003-08-13 22:42:01 204800 ----a-w- c:\windows\system32\dllcache\msdaps.dll
2003-08-13 22:41:28 200704 -c--a-w- c:\program files\common files\system\msadc\msdaprst.dll
2003-08-13 22:41:28 200704 ----a-w- c:\windows\system32\dllcache\msdaprst.dll
2003-08-13 22:40:56 77824 -c--a-w- c:\program files\common files\system\ole db\msdaosp.dll
2003-08-13 22:40:56 77824 ----a-w- c:\windows\system32\dllcache\msdaosp.dll
2003-08-13 22:40:36 233472 -c--a-w- c:\program files\common files\system\ole db\msdaora.dll
2003-08-13 22:40:36 233472 ----a-w- c:\windows\system32\dllcache\msdaora.dll
2003-08-13 22:38:23 4096 -c--a-w- c:\program files\common files\system\ole db\msdaer.dll
2003-08-13 22:38:23 4096 ----a-w- c:\windows\system32\dllcache\msdaer.dll
2003-08-13 22:38:18 4096 -c--a-w- c:\program files\common files\system\ole db\msdaenum.dll
2003-08-13 22:38:18 4096 ----a-w- c:\windows\system32\dllcache\msdaenum.dll
2003-08-13 22:38:17 68608 -c--a-w- c:\windows\system32\msctfp.dll
2003-08-13 22:38:17 68608 ----a-w- c:\windows\system32\dllcache\msctfp.dll
2003-08-13 22:38:17 4096 -c--a-w- c:\program files\common files\system\ole db\msdadc.dll
2003-08-13 22:38:17 4096 ----a-w- c:\windows\system32\dllcache\msdadc.dll
2003-08-13 22:38:10 297984 ----a-w- c:\windows\system32\msctf.dll
2003-08-13 22:37:17 12288 -c--a-w- c:\windows\system32\mscpx32r.dll
2003-08-13 22:37:17 12288 ----a-w- c:\windows\system32\dllcache\mscpx32r.dll
2003-08-13 22:37:12 169984 ----a-w- c:\windows\system32\dllcache\msconfig.exe
2003-08-13 22:36:51 69632 -c--a-w- c:\windows\system32\msconf.dll
2003-08-13 22:36:51 69632 ----a-w- c:\windows\system32\dllcache\msconf.dll
2003-08-13 22:36:38 74240 ----a-w- c:\windows\system32\mscms.dll
2003-08-13 22:36:24 220160 ----a-w- c:\windows\system32\dllcache\mscandui.dll
2003-08-13 22:35:43 282654 ----a-w- c:\windows\system32\msaud32.acm
2003-08-13 22:34:35 57344 -c--a-w- c:\program files\common files\system\ado\msadrh15.dll
2003-08-13 22:34:35 57344 ----a-w- c:\windows\system32\dllcache\msadrh15.dll
2003-08-13 22:34:23 14848 ----a-w- c:\windows\system32\msadp32.acm
2003-08-13 22:34:17 200704 ----a-w- c:\program files\common files\system\ado\msadox.dll
2003-08-13 22:33:49 57344 -c--a-w- c:\program files\common files\system\ado\msador15.dll
2003-08-13 22:33:49 57344 ----a-w- c:\windows\system32\dllcache\msador15.dll
2003-08-13 22:33:39 180224 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2003-08-13 22:32:29 536576 ----a-w- c:\program files\common files\system\ado\msado15.dll
2003-08-13 22:31:07 221184 -c--a-w- c:\windows\system32\msadds32.ax
2003-08-13 22:30:13 155648 -c--a-w- c:\program files\common files\system\msadc\msadds.dll
2003-08-13 22:30:13 155648 ----a-w- c:\windows\system32\dllcache\msadds.dll
2003-08-13 22:29:43 53248 -c--a-w- c:\program files\common files\system\msadc\msadcs.dll
2003-08-13 22:29:43 53248 ----a-w- c:\windows\system32\dllcache\msadcs.dll
2003-08-13 22:29:32 143360 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2003-08-13 22:29:04 61440 -c--a-w- c:\program files\common files\system\msadc\msadcf.dll
2003-08-13 22:29:04 61440 ----a-w- c:\windows\system32\dllcache\msadcf.dll
2003-08-13 22:28:52 331776 -c--a-w- c:\program files\common files\system\msadc\msadce.dll
2003-08-13 22:28:52 331776 ----a-w- c:\windows\system32\dllcache\msadce.dll
2003-08-13 22:26:13 4639 ----a-w- c:\program files\windows media player\mplayer2.exe
2003-08-13 22:26:09 123392 -c--a-w- c:\windows\system32\dllcache\mplay32.exe
2003-08-13 22:25:48 262416 ----a-w- c:\windows\system32\mpg4ds32.ax
2003-08-13 22:24:40 148992 -c--a-w- c:\windows\system32\mpg2splt.ax
2003-08-13 22:24:10 3558912 ----a-w- c:\program files\movie maker\moviemk.exe
2003-08-13 22:21:52 216064 ----a-w- c:\windows\system32\moricons.dll
2003-08-13 22:21:30 123904 ----a-w- c:\windows\system32\wbem\mofd.dll
2003-08-13 22:21:06 16384 -c--a-w- c:\windows\system32\wbem\mofcomp.exe
2003-08-13 22:21:06 16384 ----a-w- c:\windows\system32\dllcache\mofcomp.exe
2003-08-13 22:20:59 207360 -c--a-w- c:\windows\system32\mobsync.dll
2003-08-13 22:20:59 207360 ----a-w- c:\windows\system32\dllcache\mobsync.dll
2003-08-13 22:20:22 34560 -c--a-w- c:\windows\system32\mnmdd.dll
2003-08-13 22:20:22 34560 ----a-w- c:\windows\system32\dllcache\mnmdd.dll
2003-08-13 22:20:12 1872896 -c--a-w- c:\windows\system32\mmcndmgr.dll
2003-08-13 22:20:12 1872896 ----a-w- c:\windows\system32\dllcache\mmcndmgr.dll
2003-08-13 22:17:50 163840 -c--a-w- c:\windows\system32\mindex.dll
2003-08-13 22:17:30 236032 -c--a-w- c:\windows\system32\dllcache\migwiz_a.exe
2003-08-13 22:16:19 103936 ----a-w- c:\windows\system32\dllcache\migload.exe
2003-08-13 22:15:53 192512 -c--a-w- c:\windows\system32\dllcache\migism_a.dll
2003-08-13 22:15:13 274432 ----a-w- c:\windows\system32\dllcache\migism.dll
2003-08-13 22:05:33 514560 ----a-w- c:\windows\system32\logonui.exe
2003-08-13 22:04:04 220672 ----a-w- c:\windows\system32\logon.scr
2003-08-13 22:03:37 19968 ----a-w- c:\windows\system32\dllcache\log.dll
2003-08-13 22:03:31 11776 -c--a-w- c:\windows\system32\localui.dll
2003-08-13 22:03:31 11776 ----a-w- c:\windows\system32\dllcache\localui.dll
2003-08-13 22:02:09 399872 ----a-w- c:\windows\system32\lmrt.dll
2003-08-13 22:01:07 58880 ----a-w- c:\windows\system32\licwmi.dll
2003-08-13 22:00:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2003-08-13 22:00:54 43520 ----a-w- c:\windows\system32\dllcache\licmgr10.dll
2003-08-13 20:37:46 307260 ----a-w- c:\windows\system32\l3codeca.acm
2003-08-13 20:36:15 42537 -c--a-w- c:\windows\system32\keyboard.sys
2003-08-13 20:34:44 301568 ----a-w- c:\windows\system32\kerberos.dll
2003-08-13 20:34:10 7424 -c--a-w- c:\windows\system32\kd1394.dll
2003-08-13 20:34:10 7424 ----a-w- c:\windows\system32\dllcache\kd1394.dll
2003-08-13 20:33:59 68608 -c--a-w- c:\windows\system32\joy.cpl
2003-08-13 20:33:48 54272 ----a-w- c:\windows\system32\ixsso.dll
2003-08-13 20:31:54 59904 -c--a-w- c:\windows\system32\ipv6mon.dll
2003-08-13 20:31:54 59904 ----a-w- c:\windows\system32\dllcache\ipv6mon.dll
2003-08-13 20:31:42 53248 -c--a-w- c:\windows\system32\ipv6.exe
2003-08-13 20:31:42 53248 ----a-w- c:\windows\system32\dllcache\ipv6.exe
2003-08-13 20:31:31 183808 ----a-w- c:\windows\system32\ipsecsvc.dll
2003-08-13 20:31:04 330752 -c--a-w- c:\windows\system32\ippromon.dll
2003-08-13 20:31:04 330752 ----a-w- c:\windows\system32\dllcache\ippromon.dll
2003-08-13 20:29:29 55808 -c--a-w- c:\windows\system32\ipconfig.exe
2003-08-13 20:29:29 55808 ----a-w- c:\windows\system32\dllcache\ipconfig.exe
2003-08-13 20:29:21 129536 -c--a-w- c:\windows\system32\intl.cpl
2003-08-13 20:28:39 123392 -c--a-w- c:\windows\system32\input.dll
2003-08-13 20:28:39 123392 ----a-w- c:\windows\system32\dllcache\input.dll
2003-08-13 20:28:25 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2003-08-13 20:26:49 110080 ----a-w- c:\windows\system32\imm32.dll
2003-08-13 20:26:35 34816 ----a-w- c:\windows\system32\imgutil.dll
2003-08-13 20:26:28 36921 -c--a-w- c:\windows\system32\imeshare.dll
2003-08-13 20:26:28 36921 ----a-w- c:\windows\system32\dllcache\imeshare.dll
2003-08-13 20:26:13 150528 ----a-w- c:\windows\system32\imapi.exe
2003-08-13 20:25:38 16384 ----a-w- c:\windows\system32\imaadp32.acm
2003-08-13 20:25:31 81920 -c--a-w- c:\windows\system32\ils.dll
2003-08-13 20:25:31 81920 ----a-w- c:\windows\system32\dllcache\ils.dll
2003-08-13 20:24:36 638816 --sha-w- c:\program files\internet explorer\iexplore.exe
2003-08-13 20:24:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2003-08-13 20:24:19 71680 ----a-w- c:\windows\system32\dllcache\iesetup.dll
2003-08-13 20:23:12 229376 ----a-w- c:\windows\system32\dllcache\ieaksie.dll
2003-08-13 20:22:52 125952 ----a-w- c:\windows\system32\dllcache\ieakeng.dll
2003-08-13 20:22:26 120832 -c--a-w- c:\windows\system32\idq.dll
2003-08-13 20:22:26 120832 ----a-w- c:\windows\system32\dllcache\idq.dll
2003-08-13 20:22:09 214528 -c--a-w- c:\program files\internet explorer\connection wizard\icwconn1.exe
2003-08-13 20:22:09 214528 ----a-w- c:\windows\system32\dllcache\icwconn1.exe
2003-08-13 20:21:48 254976 -c--a-w- c:\windows\system32\icm32.dll
2003-08-13 20:21:48 254976 ----a-w- c:\windows\system32\dllcache\icm32.dll
2003-08-13 20:21:29 11264 ----a-w- c:\windows\system32\icaapi.dll
2003-08-13 20:20:39 24064 ----a-w- c:\windows\system32\pidgen.dll
2003-08-13 20:17:50 103424 ----a-w- c:\windows\system32\dpcdll.dll
2003-08-13 20:17:15 344064 ----a-w- c:\windows\system32\hnetcfg.dll
2003-08-13 20:16:51 68608 ----a-w- c:\windows\system32\dllcache\hmmapi.dll
2003-08-13 20:16:51 68608 ----a-w- c:\program files\internet explorer\hmmapi.dll
2003-08-13 20:11:10 57344 -c--a-w- c:\program files\netmeeting\h323cc.dll
2003-08-13 20:11:10 57344 ----a-w- c:\windows\system32\dllcache\h323cc.dll
2003-08-13 20:11:02 108544 -c--a-w- c:\windows\system32\dllcache\guitrn_a.dll
2003-08-13 20:10:48 133120 ----a-w- c:\windows\system32\dllcache\guitrn.dll
2003-08-13 20:09:13 400384 -c--a-w- c:\windows\system32\fxsxp32.dll
2003-08-13 20:09:13 400384 ----a-w- c:\windows\system32\dllcache\fxsxp32.dll
2003-08-13 20:08:52 192512 -c--a-w- c:\windows\system32\fxswzrd.dll
2003-08-13 20:08:52 192512 ----a-w- c:\windows\system32\dllcache\fxswzrd.dll
2003-08-13 20:08:37 154112 -c--a-w- c:\windows\system32\fxsui.dll
2003-08-13 20:08:37 154112 ----a-w- c:\windows\system32\dllcache\fxsui.dll
2003-08-13 20:08:20 397312 ----a-w- c:\windows\system32\fxstiff.dll
2003-08-13 20:07:59 246272 ----a-w- c:\windows\system32\fxst30.dll
2003-08-13 20:07:34 267776 ----a-w- c:\windows\system32\fxssvc.exe
2003-08-13 20:07:08 562176 ----a-w- c:\windows\system32\fxsst.dll
2003-08-13 20:06:57 6656 ----a-w- c:\windows\system32\fxsres.dll
2003-08-13 20:06:53 8704 -c--a-w- c:\windows\system32\fxsperf.dll
2003-08-13 20:06:53 8704 ----a-w- c:\windows\system32\dllcache\fxsperf.dll
2003-08-13 20:06:21 23552 -c--a-w- c:\windows\system32\fxsext32.dll
2003-08-13 20:06:21 23552 ----a-w- c:\windows\system32\dllcache\fxsext32.dll
2003-08-13 20:06:15 26624 -c--a-w- c:\windows\system32\fxsdrv.dll
2003-08-13 20:06:15 26624 ----a-w- c:\windows\system32\dllcache\fxsdrv.dll
2003-08-13 20:06:08 229888 ----a-w- c:\windows\system32\fxscover.exe
2003-08-13 20:05:47 285184 -c--a-w- c:\windows\system32\fxscomex.dll
2003-08-13 20:05:47 285184 ----a-w- c:\windows\system32\dllcache\fxscomex.dll
2003-08-13 20:05:19 142848 ----a-w- c:\windows\system32\fxsclnt.exe
2003-08-13 20:05:03 451584 ----a-w- c:\windows\system32\fxsapi.dll
2003-08-13 20:04:29 9344 -c--a-w- c:\windows\system32\framebuf.dll
2003-08-13 20:04:29 9344 ----a-w- c:\windows\system32\dllcache\framebuf.dll
2003-08-13 19:50:26 20992 -c--a-w- c:\windows\system32\fontview.exe
2003-08-13 19:50:26 20992 ----a-w- c:\windows\system32\dllcache\fontview.exe
2003-08-13 19:50:05 19274 -c--a-w- c:\windows\001234_.tmp
2003-08-13 19:50:00 80384 ----a-w- c:\windows\system32\faultrep.dll
2003-08-13 19:49:50 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2003-08-13 19:48:00 1033728 ----a-w- c:\windows\explorer.exe
2003-08-13 19:46:33 21504 -c--a-w- c:\windows\system32\wbem\evntrprv.dll
2003-08-13 19:46:33 21504 ----a-w- c:\windows\system32\dllcache\evntrprv.dll
2003-08-13 19:46:28 56320 ----a-w- c:\windows\system32\eventlog.dll
2003-08-13 19:46:17 193024 -c--a-w- c:\windows\system32\eudcedit.exe
2003-08-13 19:46:17 193024 ----a-w- c:\windows\system32\dllcache\eudcedit.exe
2003-08-13 19:45:39 247808 ----a-w- c:\windows\system32\wbem\esscli.dll
2003-08-13 19:44:54 23040 ----a-w- c:\windows\system32\ersvc.dll
2003-08-13 19:44:48 183296 -c--a-w- c:\windows\system32\els.dll
2003-08-13 19:44:48 183296 ----a-w- c:\windows\system32\dllcache\els.dll
2003-08-13 19:37:51 498742 -c--a-w- c:\windows\system32\dxmasf.dll
2003-08-13 19:37:51 498742 ----a-w- c:\windows\system32\dllcache\dxmasf.dll
2003-08-13 19:36:47 1298432 -c--a-w- c:\windows\system32\dxdiag.exe
2003-08-13 19:36:47 1298432 ----a-w- c:\windows\system32\dllcache\dxdiag.exe
2003-08-13 19:35:25 180224 -c--a-w- c:\windows\system32\dwwin.exe
2003-08-13 19:35:25 180224 ----a-w- c:\windows\system32\dllcache\dwwin.exe
2003-08-13 19:34:39 304128 ----a-w- c:\windows\system32\duser.dll
2003-08-13 19:34:08 10752 ----a-w- c:\windows\system32\dumprep.exe
2003-08-13 19:34:05 138752 ----a-w- c:\windows\system32\dssenh.dll
2003-08-13 19:33:50 239104 ----a-w- c:\windows\system32\dsquery.dll
2003-08-13 19:33:25 142848 -c--a-w- c:\windows\system32\dsprop.dll
2003-08-13 19:33:25 142848 ----a-w- c:\windows\system32\dllcache\dsprop.dll
2003-08-13 19:33:06 16384 -c--a-w- c:\windows\system32\ds32gt.dll
2003-08-13 19:33:06 16384 ----a-w- c:\windows\system32\dllcache\ds32gt.dll
2003-08-13 19:30:56 83456 -c--a-w- c:\windows\system32\dpvsetup.exe
2003-08-13 19:30:56 83456 ----a-w- c:\windows\system32\dllcache\dpvsetup.exe
2003-08-13 19:30:48 212480 -c--a-w- c:\windows\system32\dpvoice.dll
2003-08-13 19:30:48 212480 ----a-w- c:\windows\system32\dllcache\dpvoice.dll
2003-08-13 19:30:28 60928 -c--a-w- c:\windows\system32\dpnhupnp.dll
2003-08-13 19:30:28 60928 ----a-w- c:\windows\system32\dllcache\dpnhupnp.dll
2003-08-13 19:30:19 35328 -c--a-w- c:\windows\system32\dpnhpast.dll
2003-08-13 19:30:19 35328 ----a-w- c:\windows\system32\dllcache\dpnhpast.dll
2003-08-13 19:30:11 375296 -c--a-w- c:\windows\system32\dpnet.dll
2003-08-13 19:30:11 375296 ----a-w- c:\windows\system32\dllcache\dpnet.dll
2003-08-13 19:29:51 48128 ----a-w- c:\windows\system32\docprop2.dll
2003-08-13 19:29:24 104448 -c--a-w- c:\windows\system32\dmusic.dll
2003-08-13 19:29:24 104448 ----a-w- c:\windows\system32\dllcache\dmusic.dll
2003-08-13 19:29:07 105984 -c--a-w- c:\windows\system32\dmstyle.dll
2003-08-13 19:29:07 105984 ----a-w- c:\windows\system32\dllcache\dmstyle.dll
2003-08-13 19:28:52 82432 -c--a-w- c:\windows\system32\dmscript.dll
2003-08-13 19:28:52 82432 ----a-w- c:\windows\system32\dllcache\dmscript.dll
2003-08-13 19:28:40 35840 -c--a-w- c:\windows\system32\dmloader.dll
2003-08-13 19:28:40 35840 ----a-w- c:\windows\system32\dllcache\dmloader.dll
2003-08-13 19:28:33 181248 -c--a-w- c:\windows\system32\dmime.dll
2003-08-13 19:28:33 181248 ----a-w- c:\windows\system32\dllcache\dmime.dll
2003-08-13 19:28:06 61440 -c--a-w- c:\windows\system32\dmcompos.dll
2003-08-13 19:28:06 61440 ----a-w- c:\windows\system32\dllcache\dmcompos.dll
2003-08-13 19:27:57 28672 -c--a-w- c:\windows\system32\dmband.dll
2003-08-13 19:27:57 28672 ----a-w- c:\windows\system32\dllcache\dmband.dll
2003-08-13 19:27:50 294912 -c--a-w- c:\program files\windows media player\dlimport.exe
2003-08-13 19:27:11 181760 ----a-w- c:\windows\system32\dinput8.dll
.
==================== Find3M ====================
.
.
============= FINISH: 6:34:56.54 ===============


#2 greta2011


Posted 07 June 2011 - 09:38 AM

Here's the gmer log.


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-07 06:49:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SV4002H rev.QP100-07
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxldypob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB591A9CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB591AA61]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB591A978]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB591A98C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB591AA75]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB591AAA1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB591AB0F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB591AAF9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB591AA0A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB591AB3B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB591AA4D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB591A950]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB591A964]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB591A9DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB591AB77]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB591AAE3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB591AACD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB591AA8B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB591AB63]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB591AB4F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB591A9B6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB591A9A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB591AAB7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB591AA39]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB591AB25]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB591AA20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB591A9F4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP B591A9F8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568F68 5 Bytes JMP B591AA51 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A419 7 Bytes JMP B591AAD1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056F864 5 Bytes JMP B591A9CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 80570D15 5 Bytes JMP B591A9A6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057376F 5 Bytes JMP B591AA65 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80573B86 7 Bytes JMP B591AB7B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80573E7D 7 Bytes JMP B591AB13 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80574AA9 5 Bytes JMP B591A954 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80574E58 7 Bytes JMP B591A9E2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057A81E 5 Bytes JMP B591AA24 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057AC99 7 Bytes JMP B591AA0E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 8057BC5B 7 Bytes JMP B591AABB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 8057FB2B 7 Bytes JMP B591AAFD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP B591A990 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805839B9 5 Bytes JMP B591AA3D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8059323B 5 Bytes JMP B591A968 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 80593FAA 5 Bytes JMP B591AB3F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80595C1A 7 Bytes JMP B591AAA5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80597FFA 7 Bytes JMP B591AA79 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B1BEA 5 Bytes JMP B591A97C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062E33F 5 Bytes JMP B591A9BA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064E76E 7 Bytes JMP B591AB29 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064F0A7 7 Bytes JMP B591AAE7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064F526 7 Bytes JMP B591AA8F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064FA19 5 Bytes JMP B591AB53 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064FE82 5 Bytes JMP B591AB67 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
INITc VolSnap.sys F7622BD0 4 Bytes [36, 9A, 4D, 80]
INITc VolSnap.sys F7622BF8 4 Bytes [94, 87, 4E, 80] {XCHG ESP, EAX; XCHG [ESI-0x80], ECX}
INITc VolSnap.sys F7622C20 4 Bytes [A0, C1, 4D, 80]
INITc VolSnap.sys F7622C48 4 Bytes [B0, C8, 4D, 80]
INITc VolSnap.sys F7622C70 4 Bytes [09, BF, 4D, 80]
INITc ...
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB000A
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F66
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB005B
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0F81
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0FA8
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0FCA
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0091
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB0F49
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB0F1D
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F2E
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB0F0C
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0FB9
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB001B
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0076
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0FDB
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB0036
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB00A2
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0093002F
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093005B
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FDE
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F9E
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0093004A
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FC3
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920FA1
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FB2
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FD4
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FEF
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FC3
.text C:\WINDOWS\System32\svchost.exe[560] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920018
.text C:\WINDOWS\System32\svchost.exe[560] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900000
.text C:\WINDOWS\System32\svchost.exe[560] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900011
.text C:\WINDOWS\System32\svchost.exe[560] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900022
.text C:\WINDOWS\System32\svchost.exe[560] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00900033
.text C:\WINDOWS\System32\svchost.exe[560] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009F0F83
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009F0082
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009F0FA8
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009F0065
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009F009D
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009F0F57
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009F00D3
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009F00B8
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009F00EE
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009F0FC3
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009F001B
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009F0F72
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009F0FEF
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009F0036
.text C:\WINDOWS\system32\svchost.exe[656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009F0F3A
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009E0FC3
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009E0F97
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009E0FD4
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009E000A
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009E0FA8
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009E004A
.text C:\WINDOWS\system32\svchost.exe[656] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009E002F
.text C:\WINDOWS\system32\svchost.exe[656] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009D0F97
.text C:\WINDOWS\system32\svchost.exe[656] msvcrt.dll!system 77C293C7 5 Bytes JMP 009D0FB2
.text C:\WINDOWS\system32\svchost.exe[656] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009D0018
.text C:\WINDOWS\system32\svchost.exe[656] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[656] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009D0FC3
.text C:\WINDOWS\system32\svchost.exe[656] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009D0FDE
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01910FEF
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01910089
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01910078
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01910067
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0191004A
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01910014
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 019100AE
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01910F72
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 019100DA
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 019100BF
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 019100EB
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0191002F
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01910FD4
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01910F83
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01910FA8
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01910FC3
.text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01910F4B
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01900FDE
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01900065
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0190002F
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01900FEF
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01900FB2
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01900000
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01900FC3
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B0, 89] {MOV AL, 0x89}
.text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01900054
.text C:\WINDOWS\system32\svchost.exe[728] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 018F0F81
.text C:\WINDOWS\system32\svchost.exe[728] msvcrt.dll!system 77C293C7 5 Bytes JMP 018F0F9C
.text C:\WINDOWS\system32\svchost.exe[728] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 018F0FC8
.text C:\WINDOWS\system32\svchost.exe[728] msvcrt.dll!_open 77C2F566 5 Bytes JMP 018F0000
.text C:\WINDOWS\system32\svchost.exe[728] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 018F0FAD
.text C:\WINDOWS\system32\svchost.exe[728] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 018F0FE3
.text C:\WINDOWS\system32\svchost.exe[728] WS2_32.dll!socket 71AB4211 5 Bytes JMP 018E0000
.text C:\WINDOWS\system32\svchost.exe[728] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\svchost.exe[728] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[728] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\system32\svchost.exe[728] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00FF0FAF
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01460FEF
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 014600A2
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0146007D
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0146006C
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01460051
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0146002C
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 014600B3
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01460F77
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014600DF
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01460F46
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 014600FA
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01460FAF
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01460FD4
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01460F92
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0146001B
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0146000A
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 014600C4
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01450022
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01450073
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01450011
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01450000
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01450FB6
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01450FEF
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0145004E
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01450033
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01440FA6
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!system 77C293C7 5 Bytes JMP 01440031
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01440FD2
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0144000C
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01440FC1
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01440FEF
.text C:\WINDOWS\system32\services.exe[752] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01420FEF
.text C:\WINDOWS\system32\services.exe[752] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01420014
.text C:\WINDOWS\system32\services.exe[752] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01420025
.text C:\WINDOWS\system32\services.exe[752] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01420FD4
.text C:\WINDOWS\system32\services.exe[752] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01430FE5
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00F4E
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00F5F
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00F70
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00F8D
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00FAF
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F20
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F00068
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F000C3
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F000A8
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F00F0F
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F00F9E
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F00FE5
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F00F3D
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F00FD4
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F00025
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F00083
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF002F
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0F8D
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF0FD4
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF0FE5
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0FA8
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF000A
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EF004A
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0FB9
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0020
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0F95
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE0FB7
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0FEF
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0FA6
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0FD2
.text C:\WINDOWS\system32\lsass.exe[764] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E50F80
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E5007F
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E50FA5
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E50058
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E50036
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E500A6
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E50F5E
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E500DC
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E50F43
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E500ED
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E50047
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E5000A
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E50F6F
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E50025
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E50FD4
.text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E500B7
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E40036
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E40F83
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E40011
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E40F9E
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E40FAF
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [04, 89] {ADD AL, 0x89}
.text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E40FC0
.text C:\WINDOWS\system32\svchost.exe[932] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E30FA1
.text C:\WINDOWS\system32\svchost.exe[932] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E30FBC
.text C:\WINDOWS\system32\svchost.exe[932] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E30FDE
.text C:\WINDOWS\system32\svchost.exe[932] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E3000C
.text C:\WINDOWS\system32\svchost.exe[932] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E30FCD
.text C:\WINDOWS\system32\svchost.exe[932] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EA0000
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EA008E
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EA0F99
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EA0073
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EA0062
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EA0047
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EA0F6D
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EA00B3
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EA0F37
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EA00D0
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00EA0F12
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00EA0FC0
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00EA0F88
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00EA002C
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00EA001B
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00EA0F52
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E90FD4
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E90FB9
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E9001B
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E90FEF
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E90076
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E9000A
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E9005B
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E9004A
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E80070
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E80044
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E80055
.text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E8001D
.text C:\WINDOWS\system32\svchost.exe[1012] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02E90000
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02E90F5F
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02E90F70
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E90054
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02E90F97
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02E90FC3
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02E90F33
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02E90F44
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02E900A7
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02E90F18
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02E90EE9
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02E90FB2
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02E9001B
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02E9006F
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02E90FDE
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02E90FEF
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02E90096
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02D60FCA
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02D60051
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02D6001B
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02D60FE5
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02D60F94
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02D60000
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02D60FAF
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F6, 8A]
.text C:\WINDOWS\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02D6002C
.text C:\WINDOWS\System32\svchost.exe[1108] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02D50F9C
.text C:\WINDOWS\System32\svchost.exe[1108] msvcrt.dll!system 77C293C7 5 Bytes JMP 02D50027
.text C:\WINDOWS\System32\svchost.exe[1108] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02D50FD2
.text C:\WINDOWS\System32\svchost.exe[1108] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02D50FE3
.text C:\WINDOWS\System32\svchost.exe[1108] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02D50FB7
.text C:\WINDOWS\System32\svchost.exe[1108] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02D50000
.text C:\WINDOWS\System32\svchost.exe[1108] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02CE0FEF
.text C:\WINDOWS\System32\svchost.exe[1108] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02CD0FE5
.text C:\WINDOWS\System32\svchost.exe[1108] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02CD0000
.text C:\WINDOWS\System32\svchost.exe[1108] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02CD001B
.text C:\WINDOWS\System32\svchost.exe[1108] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 02CD0FCA
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00900FE5
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00900F37
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00900F52
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00900F63
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00900F80
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0090002C
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00900F09
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00900051
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00900EE7
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00900080
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0090009B
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00900F9B
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00900FD4
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00900F26
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0090001B
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00900000
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00900EF8
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008F0F9E
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008F0F68
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008F0FB9
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008F0FD4
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008F002F
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008F0FEF
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 008F0F83
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [AF, 88]
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008F000A
.text C:\WINDOWS\System32\svchost.exe[1188] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008E0F97
.text C:\WINDOWS\System32\svchost.exe[1188] msvcrt.dll!system 77C293C7 5 Bytes JMP 008E002C
.text C:\WINDOWS\System32\svchost.exe[1188] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008E0FC6
.text C:\WINDOWS\System32\svchost.exe[1188] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008E0FE3
.text C:\WINDOWS\System32\svchost.exe[1188] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008E0011
.text C:\WINDOWS\System32\svchost.exe[1188] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008E0000
.text C:\WINDOWS\System32\svchost.exe[1188] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008D0000
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C0058
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C0F6D
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C0047
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C0036
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0014
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C0F21
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C0F3E
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C008B
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C0EFC
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C009C
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C0025
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C0FD4
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009C0069
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009C0FA8
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009C0FB9
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C007A
.text C:\WINDOWS\System32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0025

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:120] 8A398E7A
Thread System [4:124] 8A39B008
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program Files\Internet Explorer\IEXPLORE.EXE [3152] 0x032A0000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Internet Explorer\IEXPLORE.EXE [3152] 0x06D70000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Internet Explorer\IEXPLORE.EXE [3152] 0x07330000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Internet Explorer\IEXPLORE.EXE [3152] 0x0A070000

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Owner\Local Settings\Temp\~DFD8DE.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

#3 SweetTech


Posted 14 June 2011 - 03:11 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 greta2011

Posted 15 June 2011 - 02:10 PM

ST:

Thanks for responding! No worries about the time, I am utterly grateful for ANY help with this mess. I will do what you suggested and post results ASAP.

:thumbsup:

#5 SweetTech

Posted 15 June 2011 - 03:59 PM

:thumbsup:


#6 greta2011

Posted 15 June 2011 - 10:38 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4276224 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 56.73 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xB95AE000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1900544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 )
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB94E8000 C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys 610304 bytes (LT, LT Windows Modem)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB57FA000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB93CB000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB5A12000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAE9B0000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB57C8000 C:\WINDOWS\system32\drivers\mfehidk.sys 204800 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAEAD0000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF744A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAD638000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB586A000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB58B7000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB59EB000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xB599D000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAEED8000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB94B0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9469000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB948D000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB5895000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF74A0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB957D000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 118784 bytes (Intel Corporation, NDIS 5 driver)
0xBA7E6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9451000 C:\WINDOWS\system32\drivers\ac97intc.sys 98304 bytes (Intel Corporation, Intel® Integrated Controller Hub Audio Driver)
0xF74C0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAEEC0000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7477000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB943A000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAEC93000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB94D4000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB959A000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB5A75000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xAE26E000 C:\WINDOWS\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xF748E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9429000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAFD39000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA746000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76B7000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7657000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA786000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7527000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA766000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76C7000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB4FD9000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB979E000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7667000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7637000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA776000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76D7000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76F7000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7677000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7687000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xB9D81000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA756000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76E7000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7647000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB97BE000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7577000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAE3D8000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAE2D0000 C:\WINDOWS\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0xF7587000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB9D91000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA796000 C:\WINDOWS\System32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB977E000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF777F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF77F7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF773F000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB0D67000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7777000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF774F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF775F000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF776F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7757000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77E7000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7767000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF778F000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7797000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7787000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xAF3D8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA5D8000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA6DE000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA5EC000 C:\WINDOWS\System32\DRIVERS\PS2.sys 16384 bytes (Hewlett-Packard Company, PS2 SYS)
0xF789B000 PxHelp20.sys 16384 bytes (VERITAS Software, Inc., PxHelper Device Driver for Windows 2000)
0xBA6D6000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB575A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA5E8000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xBA5E4000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA5D0000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79FB000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xAF574000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79F9000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798D000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79FD000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB4893000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79FF000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79D7000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79ED000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798B000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A79000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB3664000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A6E000 C:\WINDOWS\system32\drivers\msmpu401.sys 4096 bytes (Microsoft Corporation, MPU401 Adapter Driver)
0xF7A6C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [dxapi.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [SYMEVENT.SYS]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [mdmxsdk.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [mouhid.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
0x8A39DA91 Unknown page with executable code, 1391 bytes
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [pxhelp20.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [DM_1USB.sys]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [atwpkt264.sys]
WARNING: Virus alike driver modification [rawwan.sys]
0x8A39C288 Unknown page with executable code, 3448 bytes
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
0x8A39E191 Unknown page with executable code, 3695 bytes
WARNING: Virus alike driver modification [StMp3Rec.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
0xF7617000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
0x8A3A0E7A Unknown thread object [ ETHREAD 0x8A4221E8 ] TID: 120, 600 bytes
0x8A3A3008 Unknown thread object [ ETHREAD 0x8A40EDA8 ] TID: 124, 600 bytes
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [enum1394.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [nv4.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [SONYPVU1.SYS]
WARNING: Virus alike driver modification [mcd.sys]
0x8A3A2CDC Unknown page with executable code, 804 bytes
WARNING: Virus alike driver modification [slnthal.sys]


OTL logfile created on: 6/15/2011 8:18:05 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 60.31% Memory free
1.48 Gb Paging File | 1.10 Gb Available in Paging File | 74.16% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.89 Gb Total Space | 1.04 Gb Free Space | 3.16% Space Free | Partition Type: NTFS
Drive F: | 14.92 Gb Total Space | 10.78 Gb Free Space | 72.24% Space Free | Partition Type: FAT32

Computer Name: FRONTPC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 20:15:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2008/11/20 09:45:06 | 000,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/10/10 17:16:00 | 000,792,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/09/16 11:04:12 | 000,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2008/07/18 08:02:52 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/07/11 18:48:54 | 000,641,208 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/07/09 17:36:30 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2008/07/09 14:49:10 | 000,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2008/07/09 14:35:34 | 000,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2008/06/20 05:41:04 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/03/21 21:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 20:15:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/11/20 09:45:12 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (DM1Service)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2008/11/20 09:45:06 | 000,206,096 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/10/10 17:16:00 | 000,792,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2008/09/16 11:04:12 | 000,605,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2008/07/18 08:02:52 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/07/09 17:36:30 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2008/07/09 14:49:10 | 000,358,736 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2008/07/09 14:35:34 | 000,025,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2008/06/20 13:10:22 | 000,361,800 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2008/06/20 05:41:04 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)


========== Driver Services (SafeList) ==========

DRV - [2008/06/27 06:08:40 | 000,207,656 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/06/27 06:08:40 | 000,079,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/06/27 06:08:40 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2008/06/27 06:08:40 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/06/20 05:41:38 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/06/02 14:55:42 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\winusb.sys -- (winusb)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/09 17:25:22 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wandrv.sys -- (wandrv)
DRV - [2001/06/04 07:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_srch-us3_URL = http://srch-us3.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,srch-us3 Page = http://srch-us3.hpwis.com/


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\SOFTWARE\Microsoft\Internet Explorer\Main,srch-us3 Page = http://srch-us3.hpwis.com/
IE - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/23 14:19:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3


O1 HOSTS File: ([2001/08/18 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O4 - HKLM..\Run: [AOLDialer] File not found
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LXSUPMON] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PS2] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SNM] File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Sesame.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - File not found
O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: ucdavis.edu ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: ucdavis.edu ([sisweb] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/09/04 20:13:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/15 20:15:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 20:15:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/15 20:10:44 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/06/15 19:55:02 | 000,012,949 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/06/15 19:51:38 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/06/15 19:51:33 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/15 19:51:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/15 19:51:28 | 1341,755,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/11 07:40:38 | 000,001,419 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MSN.com.url
[2011/06/08 18:29:07 | 000,312,946 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/08 18:29:07 | 000,040,664 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/29 10:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 20:11:00 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2008/03/20 16:06:28 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\bd407cdw.dat
[2008/03/18 17:07:07 | 000,000,023 | ---- | C] () -- C:\WINDOWS\bo407cdw.ini
[2008/03/18 17:06:58 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/03/18 17:06:58 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/01/02 13:07:36 | 000,000,010 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/13 10:49:19 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/08 13:20:27 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/15 12:54:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2006/11/15 12:54:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2006/09/18 14:37:42 | 000,002,404 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/07/17 16:36:13 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP120JPR.{PB
[2006/07/17 16:36:13 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP120JCM.{PB
[2005/03/11 15:12:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2005/01/06 10:58:58 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/01/06 10:58:58 | 000,000,018 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/10/05 17:00:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/29 12:50:08 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2004/01/29 12:50:08 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2003/10/29 14:31:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/10/02 10:50:11 | 000,048,640 | ---- | C] () -- C:\WINDOWS\grwprocs.dll
[2003/10/02 10:50:11 | 000,000,807 | ---- | C] () -- C:\WINDOWS\Haunted settings.ini
[2003/08/13 12:23:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/01 12:12:23 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/07/16 15:08:58 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2002/11/08 11:47:16 | 000,077,312 | ---- | C] () -- C:\WINDOWS\pysoft_uninstaller.exe
[2002/08/07 10:02:48 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/08/07 10:02:23 | 000,000,770 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/06/05 12:36:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2002/05/08 11:07:48 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/04/29 11:45:44 | 000,000,309 | ---- | C] () -- C:\WINDOWS\GBA-Prefs.ini
[2002/04/24 14:06:32 | 000,000,035 | ---- | C] () -- C:\WINDOWS\winreg.ini
[2002/04/24 13:57:28 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Deity.ini
[2002/04/11 13:25:58 | 000,000,260 | ---- | C] () -- C:\WINDOWS\abc4win.ini
[2002/04/08 15:06:25 | 000,001,277 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/02/28 17:42:06 | 000,000,535 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2002/02/28 17:41:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2002/02/28 17:41:33 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2002/01/08 12:58:00 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2002/01/08 12:58:00 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2002/01/08 12:58:00 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2002/01/08 10:44:37 | 000,000,734 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/01/08 10:44:36 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2002/01/08 10:44:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2002/01/07 12:37:33 | 000,002,180 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2001/11/14 05:38:20 | 000,001,079 | ---- | C] () -- C:\WINDOWS\System32\PX.INI
[2001/09/12 17:35:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/09/05 01:48:32 | 000,082,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2001/09/05 01:40:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/09/05 01:34:51 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/09/05 01:34:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InstallDriver.exe
[2001/09/05 01:12:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/09/05 01:12:57 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/09/05 01:12:57 | 000,000,008 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/09/05 00:51:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/09/04 20:18:27 | 000,000,877 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/09/04 20:16:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2001/09/04 20:10:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/09/04 20:08:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/09/04 20:01:02 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/09/04 20:00:30 | 000,312,946 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/09/04 20:00:30 | 000,040,664 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/09/04 20:00:28 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/09/04 20:00:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/04 13:05:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/09/04 13:04:34 | 000,416,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/08/17 13:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 13:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 13:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/08 06:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/07 17:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/07/21 14:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 14:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/07/21 14:24:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/05/22 17:37:50 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 09:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2000/02/19 06:35:36 | 000,299,661 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2000/02/19 06:34:33 | 000,145,869 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2000/02/19 06:13:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2000/02/19 03:11:49 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2000/02/03 04:19:17 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092r
[2000/02/03 04:19:17 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092
[2000/02/03 04:18:51 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293092
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >


OTL Extras logfile created on: 6/15/2011 8:18:06 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 60.31% Memory free
1.48 Gb Paging File | 1.10 Gb Available in Paging File | 74.16% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.89 Gb Total Space | 1.04 Gb Free Space | 3.16% Space Free | Partition Type: NTFS
Drive F: | 14.92 Gb Total Space | 10.78 Gb Free Space | 72.24% Space Free | Partition Type: FAT32

Computer Name: FRONTPC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\WINWORD.EXE" /n
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\hp center\137903\Program\BackWeb-137903.exe" = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~4.0
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Sesame\Program\sesame.exe" = C:\Sesame\Program\sesame.exe:*:Enabled:sesame
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Disabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
"C:\Program Files\Common Files\AOL\1105031270\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1105031270\EE\aolsoftware.exe:*:Enabled:AOL Shared Components
"C:\Program Files\Laplink\PCmover\PCmover.exe" = C:\Program Files\Laplink\PCmover\PCmover.exe:*:Enabled:PCmover
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{169E24D1-2972-4B51-AC47-D5BDEC93F453}" = PCmover
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{8214CC02-6271-4DC8-B8DD-779933450264}" = HP RecordNow
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Escape From DeVil Manor" = Escape From DeVil Manor
"HP Instant Support" = HP Instant Support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/7/2011 1:41:07 AM | Computer Name = FRONTPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/7/2011 1:44:53 AM | Computer Name = FRONTPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/7/2011 1:44:53 AM | Computer Name = FRONTPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/8/2011 9:04:25 PM | Computer Name = FRONTPC | Source = MsiInstaller | ID = 11327
Description = Product: Adobe Reader 8.2.0 -- Error 1327.Invalid Drive: G:\

Error - 6/8/2011 9:32:32 PM | Computer Name = FRONTPC | Source = MsiInstaller | ID = 11327
Description = Product: WordPerfect Office 12 -- Error 1327.Invalid Drive: G:\

Error - 6/8/2011 9:32:41 PM | Computer Name = FRONTPC | Source = MsiInstaller | ID = 11327
Description = Product: WordPerfect Office 12 -- Error 1327.Invalid Drive: G:\

Error - 6/8/2011 9:34:42 PM | Computer Name = FRONTPC | Source = MsiInstaller | ID = 11327
Description = Product: WordPerfect Office 12 -- Error 1327.Invalid Drive: G:\

Error - 6/15/2011 10:54:54 PM | Computer Name = FRONTPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/15/2011 10:55:52 PM | Computer Name = FRONTPC | Source = MsiInstaller | ID = 11327
Description = Product: WordPerfect Office 12 -- Error 1327.Invalid Drive: G:\

Error - 6/15/2011 11:05:51 PM | Computer Name = FRONTPC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/8/2011 9:26:23 PM | Computer Name = FRONTPC | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 6/8/2011 9:34:42 PM | Computer Name = FRONTPC | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 6/15/2011 10:52:17 PM | Computer Name = FRONTPC | Source = Print | ID = 23
Description = Printer \\adriana\Lexmark Z25-Z35 failed to initialize because a suitable
Lexmark Z25-Z35 driver could not be found.

Error - 6/15/2011 10:52:21 PM | Computer Name = FRONTPC | Source = Service Control Manager | ID = 7000
Description = The DM1Service service failed to start due to the following error:
%%2

Error - 6/15/2011 10:53:01 PM | Computer Name = FRONTPC | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 6/15/2011 10:53:45 PM | Computer Name = FRONTPC | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 6/15/2011 10:53:50 PM | Computer Name = FRONTPC | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 6/15/2011 10:54:16 PM | Computer Name = FRONTPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Installer service
to connect.

Error - 6/15/2011 10:54:16 PM | Computer Name = FRONTPC | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%1053

Error - 6/15/2011 10:54:37 PM | Computer Name = FRONTPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}


< End of report >

#7 greta2011

Posted 15 June 2011 - 10:48 PM

Still being redirected to various websites and/or scour.com. Also, IE closed by itself a few times. AND, when I tried to open IE I got an error that said the page was unavailable offline. Windows installer still randomly trying to install WP12. Thanks again.

#8 SweetTech

Posted 16 June 2011 - 10:01 AM

Hi!

It looks like we are dealing with a rootkit infection here.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (DM1Service)
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - File not found
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O4 - HKLM..\Run: [AOLDialer] File not found
    O4 - HKLM..\Run: [LXSUPMON] File not found
    O4 - HKLM..\Run: [PS2] File not found
    O4 - HKLM..\Run: [SNM] File not found
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Sesame.lnk = File not found
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - File not found
    O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: ([]msn in My Computer)
    O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [2000/02/03 04:19:17 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092r
    [2000/02/03 04:19:17 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092
    [2000/02/03 04:18:51 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293092
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 greta2011

Posted 16 June 2011 - 10:19 PM

OTL logfile created on: 6/15/2011 8:18:05 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 60.31% Memory free
1.48 Gb Paging File | 1.10 Gb Available in Paging File | 74.16% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.89 Gb Total Space | 1.04 Gb Free Space | 3.16% Space Free | Partition Type: NTFS
Drive F: | 14.92 Gb Total Space | 10.78 Gb Free Space | 72.24% Space Free | Partition Type: FAT32

Computer Name: FRONTPC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 20:15:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2008/11/20 09:45:06 | 000,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/10/10 17:16:00 | 000,792,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/09/16 11:04:12 | 000,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2008/07/18 08:02:52 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/07/11 18:48:54 | 000,641,208 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/07/09 17:36:30 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2008/07/09 14:49:10 | 000,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2008/07/09 14:35:34 | 000,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2008/06/20 05:41:04 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/03/21 21:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 20:15:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/11/20 09:45:12 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (DM1Service)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2008/11/20 09:45:06 | 000,206,096 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/10/10 17:16:00 | 000,792,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2008/09/16 11:04:12 | 000,605,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2008/07/18 08:02:52 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/07/09 17:36:30 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2008/07/09 14:49:10 | 000,358,736 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2008/07/09 14:35:34 | 000,025,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2008/06/20 13:10:22 | 000,361,800 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2008/06/20 05:41:04 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)


========== Driver Services (SafeList) ==========

DRV - [2008/06/27 06:08:40 | 000,207,656 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/06/27 06:08:40 | 000,079,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/06/27 06:08:40 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2008/06/27 06:08:40 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/06/20 05:41:38 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/06/02 14:55:42 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\winusb.sys -- (winusb)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/09 17:25:22 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wandrv.sys -- (wandrv)
DRV - [2001/06/04 07:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_srch-us3_URL = http://srch-us3.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,srch-us3 Page = http://srch-us3.hpwis.com/


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\SOFTWARE\Microsoft\Internet Explorer\Main,srch-us3 Page = http://srch-us3.hpwis.com/
IE - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/23 14:19:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3


O1 HOSTS File: ([2001/08/18 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O4 - HKLM..\Run: [AOLDialer] File not found
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LXSUPMON] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PS2] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SNM] File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Sesame.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - File not found
O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: ucdavis.edu ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: ucdavis.edu ([sisweb] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/09/04 20:13:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/15 20:15:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 20:15:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/15 20:10:44 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/06/15 19:55:02 | 000,012,949 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/06/15 19:51:38 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/06/15 19:51:33 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/15 19:51:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/15 19:51:28 | 1341,755,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/11 07:40:38 | 000,001,419 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MSN.com.url
[2011/06/08 18:29:07 | 000,312,946 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/08 18:29:07 | 000,040,664 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/29 10:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 20:11:00 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2008/03/20 16:06:28 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\bd407cdw.dat
[2008/03/18 17:07:07 | 000,000,023 | ---- | C] () -- C:\WINDOWS\bo407cdw.ini
[2008/03/18 17:06:58 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/03/18 17:06:58 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/01/02 13:07:36 | 000,000,010 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/13 10:49:19 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/08 13:20:27 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/15 12:54:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2006/11/15 12:54:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2006/09/18 14:37:42 | 000,002,404 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/07/17 16:36:13 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP120JPR.{PB
[2006/07/17 16:36:13 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP120JCM.{PB
[2005/03/11 15:12:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2005/01/06 10:58:58 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/01/06 10:58:58 | 000,000,018 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/10/05 17:00:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/29 12:50:08 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2004/01/29 12:50:08 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2003/10/29 14:31:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/10/02 10:50:11 | 000,048,640 | ---- | C] () -- C:\WINDOWS\grwprocs.dll
[2003/10/02 10:50:11 | 000,000,807 | ---- | C] () -- C:\WINDOWS\Haunted settings.ini
[2003/08/13 12:23:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/01 12:12:23 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/07/16 15:08:58 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2002/11/08 11:47:16 | 000,077,312 | ---- | C] () -- C:\WINDOWS\pysoft_uninstaller.exe
[2002/08/07 10:02:48 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/08/07 10:02:23 | 000,000,770 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/06/05 12:36:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2002/05/08 11:07:48 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/04/29 11:45:44 | 000,000,309 | ---- | C] () -- C:\WINDOWS\GBA-Prefs.ini
[2002/04/24 14:06:32 | 000,000,035 | ---- | C] () -- C:\WINDOWS\winreg.ini
[2002/04/24 13:57:28 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Deity.ini
[2002/04/11 13:25:58 | 000,000,260 | ---- | C] () -- C:\WINDOWS\abc4win.ini
[2002/04/08 15:06:25 | 000,001,277 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/02/28 17:42:06 | 000,000,535 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2002/02/28 17:41:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2002/02/28 17:41:33 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2002/01/08 12:58:00 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2002/01/08 12:58:00 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2002/01/08 12:58:00 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2002/01/08 10:44:37 | 000,000,734 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/01/08 10:44:36 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2002/01/08 10:44:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2002/01/07 12:37:33 | 000,002,180 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2001/11/14 05:38:20 | 000,001,079 | ---- | C] () -- C:\WINDOWS\System32\PX.INI
[2001/09/12 17:35:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/09/05 01:48:32 | 000,082,864 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2001/09/05 01:40:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/09/05 01:34:51 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/09/05 01:34:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InstallDriver.exe
[2001/09/05 01:12:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/09/05 01:12:57 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/09/05 01:12:57 | 000,000,008 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/09/05 00:51:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/09/04 20:18:27 | 000,000,877 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/09/04 20:16:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2001/09/04 20:10:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2001/09/04 20:08:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/09/04 20:01:02 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/09/04 20:00:30 | 000,312,946 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/09/04 20:00:30 | 000,040,664 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/09/04 20:00:28 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/09/04 20:00:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/04 13:05:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/09/04 13:04:34 | 000,416,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/08/17 13:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 13:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 13:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/08 06:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/07 17:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/07/21 14:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 14:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/07/21 14:24:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/05/22 17:37:50 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 09:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2000/02/19 06:35:36 | 000,299,661 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2000/02/19 06:34:33 | 000,145,869 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2000/02/19 06:13:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2000/02/19 03:11:49 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2000/02/03 04:19:17 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092r
[2000/02/03 04:19:17 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092
[2000/02/03 04:18:51 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293092
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >


2011/06/16 18:38:39.0375 0624 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/16 18:38:41.0265 0624 ================================================================================
2011/06/16 18:38:41.0265 0624 SystemInfo:
2011/06/16 18:38:41.0265 0624
2011/06/16 18:38:41.0265 0624 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/16 18:38:41.0265 0624 Product type: Workstation
2011/06/16 18:38:41.0265 0624 ComputerName: FRONTPC
2011/06/16 18:38:41.0265 0624 UserName: Owner
2011/06/16 18:38:41.0265 0624 Windows directory: C:\WINDOWS
2011/06/16 18:38:41.0265 0624 System windows directory: C:\WINDOWS
2011/06/16 18:38:41.0265 0624 Processor architecture: Intel x86
2011/06/16 18:38:41.0265 0624 Number of processors: 1
2011/06/16 18:38:41.0265 0624 Page size: 0x1000
2011/06/16 18:38:41.0265 0624 Boot type: Normal boot
2011/06/16 18:38:41.0265 0624 ================================================================================
2011/06/16 18:38:43.0218 0624 Initialize success
2011/06/16 18:38:57.0187 3136 ================================================================================
2011/06/16 18:38:57.0187 3136 Scan started
2011/06/16 18:38:57.0187 3136 Mode: Manual;
2011/06/16 18:38:57.0187 3136 ================================================================================
2011/06/16 18:39:43.0234 3136 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/16 18:39:43.0234 3136 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/16 18:39:43.0265 3136 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/16 18:39:43.0546 3136 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/16 18:39:43.0750 3136 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/06/16 18:39:44.0015 3136 wandrv (30211add92098d4b5cfadbf3da01e69b) C:\WINDOWS\system32\DRIVERS\wandrv.sys
2011/06/16 18:39:44.0375 3136 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/16 18:39:44.0968 3136 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/16 18:39:45.0296 3136 winusb (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.SYS
2011/06/16 18:39:45.0625 3136 MBR (0x1B8) (17fe21ae93c2393452b76b0a39f79fbf) \Device\Harddisk0\DR0
2011/06/16 18:39:45.0781 3136 ================================================================================
2011/06/16 18:39:45.0781 3136 Scan finished
2011/06/16 18:39:45.0781 3136 ================================================================================
2011/06/16 18:39:45.0843 0844 Detected object count: 1
2011/06/16 18:39:45.0843 0844 Actual detected object count: 1
2011/06/16 18:39:56.0734 0844 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/16 18:39:56.0750 0844 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/16 18:39:59.0062 0844 Backup copy found, using it..
2011/06/16 18:39:59.0234 0844 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/06/16 18:39:59.0234 0844 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/06/16 18:40:51.0187 2472 Deinitialize success


ComboFix 11-06-16.01 - Owner 06/16/2011 19:24:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1280.926 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Start Menu\Programs\Windows XP Recovery
c:\documents and settings\Owner\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
c:\documents and settings\Owner\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 01:35 . 2011-06-17 01:35 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-17 01:41 . 2001-08-17 20:53 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-29 17:11 . 2000-02-19 10:00 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-07 22:31 . 2011-04-06 21:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2001-07-22 02:45 94784 -csha-w- c:\windows\twain.dll
2008-04-14 00:12 50688 -csha-w- c:\windows\twain_32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-06-15 212992]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-07 90112]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-12 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
.
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/24/2008 1:57 PM 206096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 01994586
*Deregistered* - 01994586
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-24 01:10]
.
2011-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-24 01:10]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: mcafee.com
Trusted Zone: ucdavis.edu
Trusted Zone: ucdavis.edu\sisweb
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-01994586.sys
AddRemove-Escape From DeVil Manor - c:\disney\Escape\DeIsL1.isu
AddRemove-{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D} - f:\program files\EAUninstall.exe
AddRemove-{B6F5B704-06D3-4687-90F3-6195304AD755} - f:\program files\EAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-16 19:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-16 19:37:42
ComboFix-quarantined-files.txt 2011-06-17 02:37
.
Pre-Run: 911,933,440 bytes free
Post-Run: 1,438,846,976 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows Whistler Personal" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 99116B32327453693C0216C9DF7363F0

#10 SweetTech

Posted 17 June 2011 - 09:01 AM

Hi!

Looks like TDSSKiller found the main culprit.

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



The main infection that you were infected with is called TDL3.

See the snippet of text below:

2011/06/16 18:39:45.0843 0844 Detected object count: 1
2011/06/16 18:39:45.0843 0844 Actual detected object count: 1
2011/06/16 18:39:56.0734 0844 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/16 18:39:56.0750 0844 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/16 18:39:59.0062 0844 Backup copy found, using it..
2011/06/16 18:39:59.0234 0844 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/06/16 18:39:59.0234 0844 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/06/16 18:40:51.0187 2472 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the textbox.
    :Services
    :OTL
    :Services
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (DM1Service)
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - File not found
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O4 - HKLM..\Run: [AOLDialer] File not found
    O4 - HKLM..\Run: [LXSUPMON] File not found
    O4 - HKLM..\Run: [PS2] File not found
    O4 - HKLM..\Run: [SNM] File not found
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Sesame.lnk = File not found
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - File not found
    O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: ([]msn in My Computer)
    O15 - HKU\S-1-5-21-2529006832-2225589205-3563514748-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [2000/02/03 04:19:17 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092r
    [2000/02/03 04:19:17 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092
    [2000/02/03 04:18:51 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293092
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
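
The TDSSKiller excerpt quoted in the post above reports two different MD5 values for the same driver and a cure that only takes effect after a reboot. The Python sketch below is an added example, not part of the original post and not TDSSKiller's own code; it pulls those facts out of the log. The regular expressions and the names `parse_tdsskiller`, `Finding` and `unfinished` are assumptions based only on the eight quoted lines.

```python
import re
from dataclasses import dataclass

# Excerpt copied from the TDSSKiller log quoted in the post above.
SAMPLE_LOG = r"""
2011/06/16 18:39:45.0843 0844 Detected object count: 1
2011/06/16 18:39:45.0843 0844 Actual detected object count: 1
2011/06/16 18:39:56.0734 0844 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/16 18:39:56.0750 0844 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/06/16 18:39:59.0062 0844 Backup copy found, using it..
2011/06/16 18:39:59.0234 0844 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/06/16 18:39:59.0234 0844 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/06/16 18:40:51.0187 2472 Deinitialize success
"""

# Line layout assumed from the excerpt: "<date> <time.ms> <thread id> <message>"
LINE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+ \d+ (?P<msg>.*)$")
SCANNED = re.compile(r"^(?P<obj>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
PENDING = re.compile(r"^(?P<path>.+) - will be cured after reboot$")
VERDICT = re.compile(r"^(?P<name>\S+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    path: str
    real_md5: str
    fake_md5: str
    verdict: str = ""
    action: str = ""
    reboot_pending: bool = False


def parse_tdsskiller(log: str) -> dict:
    """Return {lower-cased driver path: Finding} for every Forged file in the log."""
    findings, obj_to_path = {}, {}
    for raw in log.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank or non-log line
        msg = line["msg"]
        if m := FORGED.match(msg):
            findings[m["path"].lower()] = Finding(m["path"], m["real"], m["fake"])
        elif m := SCANNED.match(msg):
            obj_to_path[m["obj"]] = m["path"].lower()  # service name -> driver file
        elif m := PENDING.match(msg):
            if (f := findings.get(m["path"].lower())):
                f.reboot_pending = True
        elif m := VERDICT.match(msg):
            # The verdict names the service, so map it back to the driver path.
            if (f := findings.get(obj_to_path.get(m["obj"], ""))):
                f.verdict, f.action = m["name"], m["action"]
    return findings


def unfinished(findings: dict) -> list:
    """Paths where a cure was selected but only takes effect after a reboot."""
    return [f.path for f in findings.values() if f.action == "Cure" and f.reboot_pending]


if __name__ == "__main__":
    for finding in parse_tdsskiller(SAMPLE_LOG).values():
        print(finding)
```

Anything returned by `unfinished()` is only scheduled for cleaning, so the machine needs a reboot and a fresh scan before the driver can be treated as cured.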


#11 greta2011


Posted 18 June 2011 - 01:55 AM

PC seems to be okay now, although now I know it's not. No probs with IE. Installer still trying to install WP12 & automatic updates were able to download. There's not much I need on this comp, it is kind of an extra computer, so if I need to reinstall Windows, so be it.


OTL LOG:
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== OTL ==========
Error: No service named DM1Service was found to stop!
Service\Driver key DM1Service not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2529006832-2225589205-3563514748-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2529006832-2225589205-3563514748-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-2529006832-2225589205-3563514748-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2529006832-2225589205-3563514748-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AOLDialer not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LXSUPMON not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PS2 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SNM not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck not found.
File move failed. C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Sesame.lnk scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ not found.
Registry value HKEY_USERS\S-1-5-21-2529006832-2225589205-3563514748-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ not found.
Registry key HKEY_USERS\S-1-5-21-2529006832-2225589205-3563514748-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
File C:\Documents and Settings\All Users\Application Data\~17293092r not found.
File C:\Documents and Settings\All Users\Application Data\~17293092 not found.
File C:\Documents and Settings\All Users\Application Data\17293092 not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.24.0 log created on 06172011_184641

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Sesame.lnk not found!

Registry entries deleted on Reboot...

MALWAREBYTES LOG:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6884

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/17/2011 8:36:26 PM
mbam-log-2011-06-17 (20-36-26).txt

Scan type: Quick scan
Objects scanned: 147674
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET REPORT:
C:\Program Files\HPSelect\qfl2001\autorun.exe probably a variant of Win32/Agent.LNUCMSK trojan


SECURITYCHECK LOG:
Results of screen317's Security Check version 0.99.13
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
McAfee SecurityCenter
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee VIRUSS~1 mcshield.exe
``````````End of Log````````````

#12 SweetTech


Posted 18 June 2011 - 09:53 AM

Hi!

Your logs are looking better.


Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:


OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?



#13 SweetTech


Posted 20 June 2011 - 10:03 AM

Hi!

It's been several days since I last posted instructions for you to complete. Do you still require assistance in getting your computer cleaned up?

Please Note: Unless notified in advance, threads with no response in 3 days get closed.

If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.


Thanks,
SweetTech.



#14 greta2011


Posted 20 June 2011 - 02:18 PM

Still here. Out of town for the w/e. Will run your last instructions this evening. Thanks again for all your help.

Greta2011

#15 greta2011


Posted 20 June 2011 - 02:19 PM

Forgot to ask...PC keeps prompting me to install the automatic updates. Okay to do?



