windows security virus



#1 pamendoza


Posted 12 June 2011 - 12:40 PM

I had posted before but never gotten back with, so I'm trying again. I have been infected with this virus. I cannot open any programs on my computer. Need some help, please.
Here are my logs:

:OTL
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\bar.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\bar.exe" -a "%1" %*
[2011/05/03 14:02:36 | 000,233,698 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\upm.exe
[2011/04/29 15:17:01 | 000,009,948 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\yawn7k51ip2060t
[2011/04/29 15:17:01 | 000,009,948 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yawn7k51ip2060t
[2011/04/29 15:12:48 | 000,009,956 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\1137670655
[2011/04/29 15:12:48 | 000,009,956 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1137670655
[2011/04/29 15:09:17 | 000,009,968 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\1508204804
[2011/04/29 15:09:17 | 000,009,968 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1508204804
[2011/04/29 12:37:22 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Krirocijezow.dat
[2011/04/29 02:01:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dnuwaxiq.bin
[2011/05/03 14:02:38 | 000,012,274 | -HS- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\4w1twtdbd4me
[2011/05/03 14:02:38 | 000,012,274 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4w1twtdbd4me
[2011/04/29 13:32:00 | 000,009,960 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\yawn7k51ip2060t
[2011/04/29 12:36:46 | 000,010,086 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\yawn7k51ip2060t
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0295CBF7
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = DWORD:0
"FirewallOverride" = DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = -
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = -
:Commands
[purity]
[emptytemp]
[emptyflash]






GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-09 22:30:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-b WDC_WD1600BB-22RDA0 rev.20.00K20
Running: gmer.exe; Driver: C:\DOCUME~1\OWNER~1.FAM\LOCALS~1\Temp\pxryipod.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF71760E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF71760F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7176120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7176176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF71760CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF71760A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF71760B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF717610A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF717614C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7176136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF71761A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF717618C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7176160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\OWNER~1.FAM\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00760000
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00760FCA
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00750FEF
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00750F5F
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0075005E
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00750F86
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00750FA1
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00750028
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00750F38
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00750080
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00750EFB
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00750F16
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007500AF
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00750039
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00750FDE
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0075006F
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00750FBC
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00750FCD
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00750F27
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00740FC0
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00740F79
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00740FE5
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0074001B
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00740F8A
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00740000
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00740FA5
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [94, 88]
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0074002C
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0073004E
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!system 77C293C7 5 Bytes JMP 0073003D
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00730011
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00730000
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0073002C
.text C:\WINDOWS\system32\svchost.exe[1340] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00730FD7
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A50FE5
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A50FD4
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A50000
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40F57
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40F68
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40042
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40F79
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40FA5
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A40F1A
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A40F2B
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A40ED3
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A40EF8
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A40087
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A40F8A
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40FDB
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40F3C
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A40FC0
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40011
.text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A40F09
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A30FDB
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A30084
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A30022
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A30011
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A30073
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A30000
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A30062
.text C:\WINDOWS\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A3003D
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A20042
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A20031
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A20FD2
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A2000C
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A20FC1
.text C:\WINDOWS\system32\svchost.exe[1392] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A20FE3
.text C:\WINDOWS\system32\svchost.exe[1392] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B50025
.text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B50FEF
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B00F6B
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B00060
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B00F86
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B00043
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B00FB2
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B00096
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B00F44
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B000C2
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B00F29
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B000DD
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B00FA1
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B0000A
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B0007B
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B00FC3
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B00FD4
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B000A7
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AF0FCA
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AF0076
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AF001B
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AF0FE5
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AF005B
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AF0036
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AF0FB9
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AE0FB2
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AE003D
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AE0FD7
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AE002C
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AE0011
.text C:\WINDOWS\system32\svchost.exe[1528] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AD000A
.text C:\WINDOWS\system32\svchost.exe[2236] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\svchost.exe[2236] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D20025
.text C:\WINDOWS\system32\svchost.exe[2236] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D20014
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D1006E
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D10F79
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D10F8A
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D10F9B
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D10FD1
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D10F4D
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D10089
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D100CB
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D10F3C
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D100E6
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D10FC0
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D10011
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D10F5E
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D1003D
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D1002C
.text C:\WINDOWS\system32\svchost.exe[2236] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D100BA
.text C:\WINDOWS\system32\svchost.exe[2236] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D0002F
.text C:\WINDOWS\system32\svchost.exe[2236] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D00054
.text C:\WINDOWS\system32\svchost.exe[2236] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\svchost.exe[2236] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\svchost.exe[2236] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D00F97
.text C:\WINDOWS\system32\svchost.exe[2236] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[2236] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D00FA8
.text C:\WINDOWS\system32\svchost.exe[2236] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F0, 88]
.text C:\WINDOWS\system32\svchost.exe[2236] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D00FC3
.text C:\WINDOWS\system32\svchost.exe[2236] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CF0049
.text C:\WINDOWS\system32\svchost.exe[2236] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CF0038
.text C:\WINDOWS\system32\svchost.exe[2236] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CF0FC8
.text C:\WINDOWS\system32\svchost.exe[2236] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[2236] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CF0027
.text C:\WINDOWS\system32\svchost.exe[2236] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CF000C
.text C:\WINDOWS\system32\svchost.exe[2236] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[2256] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[2256] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CF0025
.text C:\WINDOWS\system32\svchost.exe[2256] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CF0014
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CE0F8A
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CE0089
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE0062
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CE0FA5
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CE0FC0
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CE0F6D
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CE00B5
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CE0F2D
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CE00C6
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CE00E1
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CE0047
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CE000A
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CE00A4
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CE0036
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CE0025
.text C:\WINDOWS\system32\svchost.exe[2256] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CE0F52
.text C:\WINDOWS\system32\svchost.exe[2256] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CD0025
.text C:\WINDOWS\system32\svchost.exe[2256] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CD0073
.text C:\WINDOWS\system32\svchost.exe[2256] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CD0014
.text C:\WINDOWS\system32\svchost.exe[2256] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CD0FDE
.text C:\WINDOWS\system32\svchost.exe[2256] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CD0062
.text C:\WINDOWS\system32\svchost.exe[2256] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\svchost.exe[2256] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CD0047
.text C:\WINDOWS\system32\svchost.exe[2256] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CD0036
.text C:\WINDOWS\system32\svchost.exe[2256] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CC0FB2
.text C:\WINDOWS\system32\svchost.exe[2256] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CC0033
.text C:\WINDOWS\system32\svchost.exe[2256] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CC0022
.text C:\WINDOWS\system32\svchost.exe[2256] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[2256] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CC0FC3
.text C:\WINDOWS\system32\svchost.exe[2256] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CC0011
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0015000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FDE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F5F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F7A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270054
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270FA1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FCD
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002700A0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F4E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F18
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002700B1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00270F07
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270FB2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0027000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270079
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270039
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FDE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F33
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0036002C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360FAF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FDB
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360011
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360FC0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00360062
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00360047
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370038
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370FB7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FE3
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FC8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0037001D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00980FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 02ED0000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 02EB0000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 02EE0000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01220FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01220000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 02EC0000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01220FCA
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2876] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 0122001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0027005D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270F68
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F79
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270036
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0027000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F28
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270F43
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270095
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F06
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700A6
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270025
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0027006E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FA8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FB9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F17
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FAF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F79
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0036000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360F94
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360FE5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00360036
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0036001B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370F8B
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370020
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FC1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FB0
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FD2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00980000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00B70FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00B70FDE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00B70014
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3400] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00B70FCD
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F10FE5
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F10014
.text C:\WINDOWS\system32\dllhost.exe[3620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F10FD4
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00F5F
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00F7A
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00054
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00F97
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00FA8
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00080
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F0006F
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F00EEE
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F00091
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F000A2
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F0002F
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F00F4E
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F00FB9
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F00FD4
.text C:\WINDOWS\system32\dllhost.exe[3620] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F00F1D
.text C:\WINDOWS\system32\dllhost.exe[3620] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE0F81
.text C:\WINDOWS\system32\dllhost.exe[3620] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0F9C
.text C:\WINDOWS\system32\dllhost.exe[3620] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE0FC8
.text C:\WINDOWS\system32\dllhost.exe[3620] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE0FE3
.text C:\WINDOWS\system32\dllhost.exe[3620] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0FAD
.text C:\WINDOWS\system32\dllhost.exe[3620] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0000
.text C:\WINDOWS\system32\dllhost.exe[3620] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF002C
.text C:\WINDOWS\system32\dllhost.exe[3620] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0FB6
.text C:\WINDOWS\system32\dllhost.exe[3620] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF001B
.text C:\WINDOWS\system32\dllhost.exe[3620] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF000A
.text C:\WINDOWS\system32\dllhost.exe[3620] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF007D
.text C:\WINDOWS\system32\dllhost.exe[3620] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\dllhost.exe[3620] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EF006C
.text C:\WINDOWS\system32\dllhost.exe[3620] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0051
.text C:\WINDOWS\system32\dllhost.exe[3620] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED0FEF

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 22:10:25.53 on Mon 05/09/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.51 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner.familyroom\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Shop to Win 2: {20fec4e7-f7b7-438b-8191-33d2efc5ebea} - c:\program files\shop to win 2\ShoppingBHO.dll
BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110502205953.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Power2GoExpress] NA
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CHotkey] zHotkey.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [VirusScan Online] \mcvsshld.exe
mRun: [Easy Dock]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~1.lnk - c:\program files\sifxinst\SIFXINST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://merillat.view22.com/release_3_9_177/View22RTEv4.cab
DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP24-10113/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-5-2 84072]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-4-13 266240]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-5-2 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-5-2 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-5-2 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-5-2 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-5-2 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-5-2 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-5-2 141792]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2010-1-28 50176]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-5-2 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-5-2 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-5-2 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-5-2 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-5-2 88544]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2011-2-5 6016]
S3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys --> c:\windows\system32\drivers\easytthr.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-5-2 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-5-2 84264]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-2-5 19968]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-2-5 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2011-2-5 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-2-5 9472]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-12-13 14336]
S3 pohci13F;pohci13F;\??\c:\docume~1\owner~1.fam\locals~1\temp\pohci13f.sys --> c:\docume~1\owner~1.fam\locals~1\temp\pohci13F.sys [?]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-5-2 271480]
.
=============== Created Last 30 ================
.
2011-05-05 02:00:24 -------- d-----w- c:\program files\Panda Security
2011-05-03 02:59:51 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-05-03 02:59:40 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-05-03 02:59:37 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-05-03 02:59:37 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-05-03 02:59:37 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-05-03 02:59:37 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-05-03 02:59:37 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-05-03 02:59:37 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-05-03 02:59:37 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-05-03 02:59:18 -------- d-----w- c:\program files\common files\Mcafee
2011-05-03 02:59:11 -------- d-----w- c:\program files\McAfee.com
2011-05-03 02:58:41 -------- d-----w- c:\program files\McAfee
2011-05-03 02:15:42 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-23 05:33:27 -------- d-----w- c:\program files\iPod
2011-04-23 05:25:43 -------- d-----w- c:\program files\Bonjour
2011-04-22 20:51:13 256 ----a-w- c:\documents and settings\owner.familyroom\pool.bin
2011-04-18 06:59:19 256 ----a-w- c:\windows\system32\pool.bin
2011-04-18 06:59:17 -------- d-----w- c:\docume~1\owner~1.fam\applic~1\Research In Motion
2011-04-18 06:12:00 -------- d-----w- c:\program files\common files\Sonic Shared
2011-04-18 06:11:58 -------- d-----w- c:\program files\Roxio
2011-04-18 06:07:52 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2011-04-18 06:04:57 -------- d-----w- c:\program files\common files\Research In Motion
2011-04-18 06:04:50 -------- d-----w- c:\program files\Research In Motion
2011-04-15 05:00:43 -------- d-----w- C:\aae57c775f973cc1b08c94
2011-04-14 09:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-04-06 22:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 22:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 22:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 22:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 22:12:18.29 ===============

Edited by boopme, 12 June 2011 - 08:33 PM.




#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:06:06 PM

Posted 15 June 2011 - 08:14 AM

Hello pamendoza and welcome to BC. :)

I actually replied to your previous topic HERE but I did not receive any feedback from you.

Sorry about the delay, do you still need help?

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 pamendoza

Posted 15 June 2011 - 08:31 AM

Yes

#4 sempai

Posted 15 June 2011 - 08:46 AM

Can you please tell me where you got those OTL scripts (in your previous first post)? Also, please update me with the current status of your computer.

Please copy the contents of the code box below, open notepad and paste it there.
  • Save it to your desktop as look.bat
  • Close notepad and locate the look.bat icon on your desktop and double click on it.
  • Once completed, two reports will be created in the C:\ directory, named look.txt and look1.txt.
  • Please post the contents of those reports when you reply.
@echo off
regedit /e C:\look.txt "HKEY_CLASSES_ROOT\.exe"  
regedit /e C:\look1.txt "HKEY_CLASSES_ROOT\exefile" 
del %0

Edited by sempai, 15 June 2011 - 08:50 AM.

~Semp



#5 pamendoza

Posted 15 June 2011 - 09:40 AM

I got them from the programs you guys ask to run and post results. The computer still will not let me open programs and my virus scan doesn't find anything. Running very slow also.
I have followed the instructions and all it is doing is deleting that file from the desktop when I double-click it.

#6 sempai

Posted 15 June 2011 - 10:05 AM

You should not copy instructions that are posted for other members, they are created for specific problems.


I have followed the instructions and all it is doing is deleting that file from the desktop when I double-click it.


The file that I asked you to run will automatically delete itself. If you just read the entire instruction, you will see that I wanted you to post two log files.

~Semp



#7 pamendoza

Posted 15 June 2011 - 12:34 PM

:(

Edited by pamendoza, 15 June 2011 - 06:56 PM.


#8 pamendoza

Posted 15 June 2011 - 12:37 PM

Never mind, I am still half asleep. OK, here they are.


Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.exe\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"

[HKEY_CLASSES_ROOT\.exe\shell]

[HKEY_CLASSES_ROOT\.exe\shell\open]

[HKEY_CLASSES_ROOT\.exe\shell\open\command]
@="\"C:\\Documents and Settings\\Owner.familyroom\\Local Settings\\Application Data\\thu.exe\" -a \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe\shell\runas]

[HKEY_CLASSES_ROOT\.exe\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"





look 1


Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"Content Type"="application/x-msdownload"
"EditFlags"=hex:38,07,00,00
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"
"TileInfo"="prop:FileDescription;Company;FileVersion"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\Owner.familyroom\\Local Settings\\Application Data\\thu.exe\" -a \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\CmdLineExt]
@="{9869EFB4-18E9-11D3-A837-00104B9E30B5}"

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"
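
The two exports in post #8 show the default value of shell\open\command rewritten so that every .exe launch passes through another program first. As an added example (not part of the original thread and not any tool's own code), this Python script parses regedit 5.00 export text and flags that pattern; the sample export, its placeholder path and the function names are constructed for illustration.

```python
import re

EXPECTED = '"%1" %*'  # pass-through handler: run the clicked file with its own arguments

# Constructed sample in regedit 5.00 export format (path and file name are placeholders).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\.exe\shell\open\command]
@="\"C:\\Users\\example\\AppData\\Local\\placeholder.exe\" -a \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\example\\AppData\\Local\\placeholder.exe\" -a \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
'''

_SECTION = re.compile(r'^\[(-?)(.+)\]$')
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# <any hive path>\.exe\shell\<verb>\command or <any hive path>\exefile\shell\<verb>\command
_HANDLER = re.compile(r'(?:^|\\)(\.exe|exefile)\\shell\\([^\\]+)\\command$', re.IGNORECASE)


def _unescape(s):
    # .reg string data escapes backslash and double quote with a leading backslash
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return {key_path: {value_name: string_data}}; '' names the default value (@)."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if m:
            # "[-KEY]" is a deletion directive in a .reg file, not an existing key
            current = None if m.group(1) else keys.setdefault(m.group(2), {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = '' if m.group(1) == '@' else _unescape(m.group(1)[1:-1])
            data = m.group(2)
            # keep string (REG_SZ) data only; hex:, dword: and "=-" are skipped
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                current[name] = _unescape(data[1:-1])
    return keys


def first_program(command):
    """Program a command line starts with (quoted path or bare first token)."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', command)
    if not m:
        return ''
    return m.group(1) if m.group(1) is not None else m.group(2)


def audit_exe_handlers(text):
    """Flag .exe / exefile shell verbs whose default command is not the pass-through."""
    findings = []
    for key, values in parse_reg(text).items():
        m = _HANDLER.search(key)
        if not m:
            continue
        cls = m.group(1).lower()
        default = values.get('')
        if default is not None and default.strip() != EXPECTED:
            findings.append({'key': key, 'issue': 'hijacked',
                             'runs': first_program(default)})
        elif cls == '.exe':
            # the repair posted in this thread deletes these keys outright,
            # so their presence is reported even when the value looks normal
            findings.append({'key': key, 'issue': 'unexpected-key', 'runs': None})
    return findings


if __name__ == '__main__':
    for f in audit_exe_handlers(SAMPLE_EXPORT):
        print(f['issue'], f['key'], '->', f['runs'])
```
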

#9 sempai

Posted 16 June 2011 - 07:28 AM

That's a good start. The instructions below are posted in order, so make sure to do instruction #1 first.


1. Please download this tool -> http://download.bleepingcomputer.com/farbar/ExeFix.scr

  • Put the ExeFix.scr file on a flash drive
  • Boot your computer into the infected user account <- important
  • Launch Task Manager, click File > New Task (Run...)
  • Type e:\exefix.scr (replace e if the flash drive letter is something else).
  • Click OK.
  • A small pop-up says "Operation completed" once completed.
  • Restart the computer.
Note: The popup "The operation completed" appears on top of any other open windows after running the tool. Make sure to reboot the computer.


2. Download OTL by OldTimer from one of the links below:

Link 1
Link 2

  • Save it to your desktop.
  • Close all open windows on the Task Bar.
  • Double click the OTL icon to run the program (run as Administrator for Windows Vista/7).
  • Put a check mark on Scan All Users.
  • Click the Run Scan button and let it run uninterrupted.
  • It will create two reports namely OTL.txt (will be opened) and Extras.txt (will be minimized).
  • Post the contents of both reports when you reply.
  • Exit OTL.

~Semp



#10 pamendoza

Posted 16 June 2011 - 08:55 AM

This may take a day; I have to go buy a flash drive sometime today. K. I'll get back to you soon :0)

#11 sempai

Posted 16 June 2011 - 10:41 AM

No need to buy a flash drive, do this instead for step #1.


Launch Notepad, and copy-paste the contents of the codebox below into a new text file. Save it on your Desktop as fixme.reg. For the "save as type", choose "all files".

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[-HKEY_CLASSES_ROOT\.exe\shell\runas\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"=-

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
"IsolatedCommand"=-

  • Locate fixme.reg on your Desktop and double-click on it.
  • You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
  • Answer "Yes" and wait for a message to appear similar to "Merged Successfully".
  • Restart your computer.

Edited by sempai, 16 June 2011 - 10:46 AM.

~Semp



#12 pamendoza

Posted 18 June 2011 - 04:33 PM

OK, done that. Looks like all my little shortcuts in my tool bar are back, but still getting access denied on my desktop programs. Moving on to step 2.

Edited by pamendoza, 18 June 2011 - 04:35 PM.


#13 pamendoza

Posted 18 June 2011 - 05:38 PM

OTL logfile created on: 6/18/2011 3:37:58 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner.familyroom\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

445.57 Mb Total Physical Memory | 116.57 Mb Available Physical Memory | 26.16% Memory free
1.03 Gb Paging File | 0.42 Gb Available in Paging File | 41.42% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.76 Gb Total Space | 119.86 Gb Free Space | 83.37% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 2.24 Gb Free Space | 42.40% Space Free | Partition Type: FAT32

Computer Name: FAMILYROOM | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/18 15:36:02 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.familyroom\Desktop\OTL.exe
PRC - [2011/05/02 15:09:18 | 001,306,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/09/07 10:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 10:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/01/28 05:15:40 | 000,050,176 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/10/11 05:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/07/27 18:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/04/13 21:32:18 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2008/12/14 22:16:31 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2008/12/14 22:16:31 | 000,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2008/12/14 22:14:27 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/12 23:33:14 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
PRC - [2006/07/12 23:22:50 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
PRC - [2005/12/09 20:44:40 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
PRC - [2004/12/08 19:57:36 | 000,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe


========== Modules (SafeList) ==========

MOD - [2011/06/18 15:36:02 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.familyroom\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/29 11:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/09/07 10:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/01/28 05:15:40 | 000,050,176 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/12/10 12:03:14 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/04/13 21:32:18 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2008/12/14 22:14:27 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/06/18 16:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 15:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2010/04/01 15:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 20:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/12/14 22:30:31 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/11/02 16:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/07/18 16:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/18 16:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/07/18 16:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/04/17 18:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/18 20:41:00 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/15 16:48:08 | 001,477,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?st=1#
IE - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 16:22:58 | 000,000,000 | ---D | M]

[2010/12/28 22:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.familyroom\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2004/08/10 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - File not found
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll (PlaySushi LLC)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110611012258.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [VirusScan Online] File not found
O4 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006..\Run: [rQcDdQaEEBwu] File not found
O4 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006..\Run: [Weather] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (New Boundary Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\WINDOWS\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.familyroom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.familyroom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 03:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{66ba9a12-a312-11de-b0be-0019d15bfc28}\Shell\Auto\command - "" = J:\launcher.exe
O33 - MountPoints2\{66ba9a12-a312-11de-b0be-0019d15bfc28}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{66ba9a12-a312-11de-b0be-0019d15bfc28}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/18 15:35:44 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.familyroom\Desktop\OTL.exe
[2011/06/18 15:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/05/30 10:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.familyroom\Local Settings\Application Data\Deployment
[2011/05/23 10:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2011/05/23 10:19:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Online Backup
[2011/05/23 10:19:33 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2011/05/23 10:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/18 15:36:02 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.familyroom\Desktop\OTL.exe
[2011/06/18 15:25:38 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
[2011/06/18 15:25:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/18 15:25:12 | 467,283,968 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/18 15:21:27 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\Owner.familyroom\Desktop\fixme.reg
[2011/06/17 20:58:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/06/17 20:10:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/17 11:59:33 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2011/06/15 11:20:36 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/15 11:16:43 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Owner.familyroom\My Documents\all star letter.wps
[2011/06/15 11:16:43 | 000,007,910 | ---- | M] () -- C:\Documents and Settings\Owner.familyroom\Application Data\wklnhst.dat
[2011/06/15 08:37:24 | 000,000,122 | ---- | M] () -- C:\WINDOWS\System32\look.bat
[2011/06/14 20:58:13 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2011/06/12 16:04:47 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Owner.familyroom\Desktop\allstar.wps
[2011/06/12 15:53:50 | 000,000,140 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2011/06/01 21:32:39 | 000,000,474 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2011/05/27 16:45:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner.familyroom\Desktop\0.33545049855094955.exe
[2011/05/26 23:26:36 | 000,001,239 | ---- | M] () -- C:\Documents and Settings\Owner.familyroom\Desktop\Nero StartSmart.lnk
[2011/05/26 20:58:03 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/18 15:21:26 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\Owner.familyroom\Desktop\fixme.reg
[2011/06/15 08:37:23 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\look.bat
[2011/06/12 16:04:45 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Owner.familyroom\Desktop\allstar.wps
[2011/05/27 16:45:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.familyroom\Desktop\0.33545049855094955.exe
[2011/05/26 23:26:36 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\Owner.familyroom\Desktop\Nero StartSmart.lnk
[2011/05/26 23:22:49 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\Owner.familyroom\My Documents\Nero StartSmart.lnk
[2011/05/02 19:58:03 | 000,018,324 | -HS- | C] () -- C:\Documents and Settings\Owner.familyroom\Local Settings\Application Data\o5u43co1a1n638vju58hm7ye2rvoto7dfp73q2oqcv1l
[2011/05/02 19:58:03 | 000,018,324 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o5u43co1a1n638vju58hm7ye2rvoto7dfp73q2oqcv1l
[2011/04/18 00:59:19 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/10/31 15:52:31 | 000,000,105 | ---- | C] () -- C:\WINDOWS\RCAMPEG4VC.ini
[2010/05/22 12:22:21 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2010/05/22 11:55:14 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/02/08 21:30:57 | 000,048,940 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/14 18:41:28 | 000,000,522 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/11/11 18:00:09 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/08/29 09:15:58 | 000,000,246 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/08/29 09:15:49 | 000,000,047 | ---- | C] () -- C:\WINDOWS\PWP.INI
[2009/08/29 09:12:20 | 000,000,059 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2009/08/29 09:09:45 | 000,000,140 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/07/27 22:33:49 | 000,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/04/13 21:32:18 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/02/27 21:21:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/25 16:29:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/02/10 19:53:53 | 000,000,816 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009/02/01 16:38:50 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/01 16:38:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/28 20:46:10 | 000,000,503 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/01/25 23:15:17 | 000,000,474 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/01/25 23:15:13 | 000,000,108 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/01/25 22:53:51 | 000,007,910 | ---- | C] () -- C:\Documents and Settings\Owner.familyroom\Application Data\wklnhst.dat
[2008/12/22 17:10:30 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\Owner.familyroom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/14 23:46:41 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Owner.familyroom\Local Settings\Application Data\fusioncache.dat
[2008/12/14 22:29:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/14 22:28:10 | 000,550,912 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2008/12/14 22:28:10 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2008/12/14 22:28:10 | 000,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe
[2008/12/14 22:28:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2008/12/14 22:28:10 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2008/12/14 22:28:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2008/12/14 22:27:48 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2008/12/14 22:26:55 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/12/14 22:26:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/12/14 22:23:39 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/12/14 22:20:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/14 22:03:08 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2008/12/13 02:02:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/12/13 02:01:38 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/12/13 02:01:38 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/12/13 02:01:30 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/12/13 02:01:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/12/13 02:01:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/12/13 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/12/13 01:59:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/12/13 01:57:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/12/13 01:56:16 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/09/07 10:38:36 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/06/21 03:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 03:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 03:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 03:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 03:24:58 | 000,001,436 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 03:24:57 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 03:23:22 | 000,444,028 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 03:23:22 | 000,071,904 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/16 20:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 20:30:47 | 000,312,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/17 11:45:38 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\LEXPING.EXE
[2006/01/30 06:42:22 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 01:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2001/01/19 01:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449

< End of report >




OTL Extras logfile created on: 6/18/2011 3:37:58 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner.familyroom\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

445.57 Mb Total Physical Memory | 116.57 Mb Available Physical Memory | 26.16% Memory free
1.03 Gb Paging File | 0.42 Gb Available in Paging File | 41.42% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.76 Gb Total Space | 119.86 Gb Free Space | 83.37% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 2.24 Gb Free Space | 42.40% Space Free | Partition Type: FAT32

Computer Name: FAMILYROOM | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3219311145-3949519527-3346095346-1006\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1229315389\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1229315389\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12BA4B30-873F-4F14-BB3A-2C0EF8C3A6C7}" = BlackBerry Device Software v4.6.0 for the BlackBerry 8220 smartphone
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2F9EEAFC-F952-4771-9AD3-23F724D7FDFE}" = Coby Media Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{39822393-2324-4705-9010-1AB76DA144A2}" = BlackBerry Desktop Software 4.6
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{48A6E89E-D2D3-4DA7-8A7C-FBB8F1083409}" = SeaWorld Adventure Park Tycoon
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9944aa9e-362d-11d3-81ab-00c04fb932ba}" = Microsoft Home Publishing 2000
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B6B834C0-0000-4F87-B767-D58D8035EC0E}" = RCA Video Converter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EB3DF81F-5E70-4722-9D99-C1FC3EEF4DE1}" = Roxio Media Manager
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"ATI Display Driver" = ATI Display Driver
"BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon ™
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst &reg;
"BlackBerry_{39822393-2324-4705-9010-1AB76DA144A2}" = BlackBerry Desktop Software 4.6
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Diner Dash 2" = Diner Dash 2
"DVDStyler_is1" = DVDStyler v1.6.2
"e73929e6421e8354add4ceb2f95d6e2a" = 1001 Nights - The Adventures of Sindbad
"Feeding Frenzy 2 Deluxe 1.0" = Feeding Frenzy 2 Deluxe 1.0
"FrostWire" = FrostWire 4.21.3
"Gateway Game Console" = Gateway Game Console
"Google Desktop" = Google Desktop
"Graboid Video" = Graboid Video 1.65
"Hide and Secret 2" = Hide and Secret 2
"HSODIKey" = Scholastic's Huggly's Sleepover
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"JumpStart Advanced PreSchool Explore and Learn" = JumpStart Advanced PreSchool Explore and Learn
"JumpStart Art for Fun" = JumpStart Art for Fun
"JumpStart Languages" = JumpStart Languages
"Lexmark 1200 Series" = Lexmark 1200 Series
"Mall Tycoon" = Mall Tycoon
"McAfee Security Scan" = McAfee Security Scan
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
"MSC" = McAfee Total Protection
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"oggcodecs" = oggcodecs 0.71.0946
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Playsushi" = PlaySushi
"RCA Detective™_is1" = RCA Detective™ 2.0.0.98
"RCA easyRip_is1" = RCA easyRip™ 2.0.7.0
"RCA easyRip™_is1" = RCA easyRip™ 1.4.5.0
"RealPlayer 6.0" = RealPlayer Basic
"RollerCoaster Tycoon Setup" = Roll
"Save Our Spirit" = Save Our Spirit
"ShapeCollage" = Shape Collage
"Smart Steps 3rd Grade" = Smart Steps 3rd Grade
"TuneUpMedia" = TuneUp Companion 1.9.0
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Wild West Quest" = Wild West Quest
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0200" = Microsoft WinUsb 2.0
"WMFDist11" = Windows Media Format 11 runtime
"Works2kSetup" = Microsoft Works 2000 Setup Launcher
"WT010646" = Bejeweled 2 Deluxe
"WT010649" = Diner Dash
"WT010651" = Penguins!
"WT010654" = SCRABBLE
"WT010655" = Tradewinds
"WT010660" = Polar Bowler
"WT010661" = Polar Golfer
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XobniMain" = Xobni
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3219311145-3949519527-3346095346-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2011 4:06:01 PM | Computer Name = FAMILYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/9/2011 11:51:01 PM | Computer Name = FAMILYROOM | Source = VSS | ID = 12302
Description = Volume Shadow Copy Service error: An internal inconsistency was detected
in trying to contact shadow copy service writers. Please check to see that the
Event Service and Volume Shadow Copy Service are operating properly.

Error - 6/11/2011 2:08:37 AM | Computer Name = FAMILYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2011 4:28:45 PM | Computer Name = FAMILYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/12/2011 4:28:46 PM | Computer Name = FAMILYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 10:48:26 AM | Computer Name = FAMILYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 10:48:26 AM | Computer Name = FAMILYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 8:30:57 PM | Computer Name = FAMILYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 9:31:02 PM | Computer Name = FAMILYROOM | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3452 (0xd7c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.333
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Owner.familyroom\Local
Settings\Temporary Internet Files\Content.IE5\W36XBFGL\searchCAZVN8UI by C:\Program
Files\Internet Explorer\IEXPLORE.EXE 4(1282)(0) 4(1172)(0) 7200(125)(0) 7595(125)(0)

7005(63)(0) 7004(63)(0) 5006(63)(0) 5004(63)(0)

Error - 6/15/2011 9:31:02 PM | Computer Name = FAMILYROOM | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3428 (0xd64) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.333
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Owner.familyroom\Local
Settings\Temporary Internet Files\Content.IE5\DH6MD9L6\searchCA9HZHRB by C:\Program
Files\Internet Explorer\IEXPLORE.EXE 4(1359)(0) 4(1234)(0) 7200(437)(0) 7595(437)(0)

7005(31)(0) 7004(31)(0) 5006(31)(0) 5004(31)(0)

[ System Events ]
Error - 6/11/2011 3:23:32 AM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/11/2011 3:23:32 AM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/11/2011 3:23:32 AM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7031
Description = The McAfee Anti-Spam Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 6/12/2011 4:51:15 PM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/14/2011 6:13:36 PM | Computer Name = FAMILYROOM | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/14/2011 6:13:36 PM | Computer Name = FAMILYROOM | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/15/2011 9:31:25 PM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7031
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 6/17/2011 11:10:27 PM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/18/2011 5:26:38 PM | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/18/2011 5:28:48 PM | Computer Name = FAMILYROOM | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >

#14 sempai

  • Malware Response Team

Posted 18 June 2011 - 11:53 PM

Hi,

Do you know what this is => C:\Documents and Settings\Owner.familyroom\Desktop\0.33545049855094955.exe


Viewpoint Warning:
I see you have Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player


=====================================


1. Please go to Control Panel > Add Remove Programs and uninstall PlaySushi.


2. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll (PlaySushi LLC)
    O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - File not found
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Easy Dock] File not found
    O4 - HKLM..\Run: [VirusScan Online] File not found
    O4 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006..\Run: [Power2GoExpress] File not found
    O4 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006..\Run: [rQcDdQaEEBwu] File not found
    O4 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006..\Run: [Weather] File not found
    O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - File not found
    O35 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006..exefile [open] -- "%1" %*
    O37 - HKU\S-1-5-21-3219311145-3949519527-3346095346-1006\...exe [@ = exefile] -- "%1" %*
    [2011/06/18 15:21:27 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\Owner.familyroom\Desktop\fixme.reg
    [2011/05/02 19:58:03 | 000,018,324 | -HS- | C] () -- C:\Documents and Settings\Owner.familyroom\Local Settings\Application Data\o5u43co1a1n638vju58hm7ye2rvoto7dfp73q2oqcv1l
    [2011/05/02 19:58:03 | 000,018,324 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o5u43co1a1n638vju58hm7ye2rvoto7dfp73q2oqcv1l
    
    :Files
    C:\Program Files\PlaySushi
    
    :Commands
    [REBOOT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#15 pamendoza

  • Topic Starter

Posted 19 June 2011 - 12:14 PM

First of all, I have no idea what this is.
C:\Documents and Settings\Owner.familyroom\Desktop\0.33545049855094955.exe

I tried to open it and it said some error, so not sure about that.

Second, I ran the fix and it asked to reboot. I clicked OK, and when it rebooted no message box came up so I can get the log. Should I run again?



