
Please Help!!



Hello,

Several weeks ago AT&T switched from providing Norton to McAfee. During the switch (I assume), I contracted a Trojan virus ~ Vundo.h. I downloaded Malwarebytes and it quarantined and deleted it. Then on Tuesday (5/26) I received a popup on my screen from Spyware Protect 2009. By the time I closed the page, it was too late. I immediately disconnected from the internet and tried to run Malwarebytes but only received a few seconds of the hourglass, then no response. McAfee started to load, but froze before it began to scan. So I re-booted and McAfee had been disabled, still no response from Malwarebytes, and IE kept trying to open on its own even though I was still offline from the internet.

Since then I have tried to uninstall and reinstall Malwarebytes twice, even trying to rename it. No such luck. I have also tried (under the advice of a somewhat computer savvy friend):

Spybot S&D - installed but refused to run

AVG - ran once, found 14 errors (system guard.exe), claimed to contain & delete them but upon reboot failed to run again

Avira - ran, cleaned up 13 out of 14 noted problems, upon reboot system crashed again

Combofix - won't start

HJT - won't start

Ccleaner

MGtools - I was told this was a variation of HJT, runs and produces a report/log

SuperAntiSpyware - worked during my vundo.h problem, now will not run

Other complicated symptoms include:

- every time I try to open IE, it asks if I want to restore the last session's tabs; if I accept I get dozens of pages opened to gibberish.

- if I try using Google, I can only open pages in the cached otherwise I get redirected to Spyware company sales pages.

- Yesterday I couldn't open my email; when I tried to log in I received a phony page saying that Windows blocked the page from loading and I needed to protect my computer with Spyware Protect 2009, with a link to their site but no way around it without shutting down.

- any time I installed one of these new programs, upon start-up I would get a blue page complaining of driver problems. I would have to reboot and uninstall whichever program was last installed.

- I tried to do a system restore but after I selected a date prior to this infection, the next/accept button was disabled.

Sorry for such a long post, but I am hoping the more info you have the more help you will be able to give me. It has been a frustrating 72hrs. Thank you for any help you are able to provide. It is much appreciated.

Also, I was finally able to run Malwarebytes tonight after finding a randomizing tool on your forum. Thank you for that. I couldn't browse the files to use the attachment system so my logs are pasted below.

-------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.37

Database version: 2195

Windows 5.1.2600 Service Pack 3

5/30/2009 3:01:24 AM

mbam-log-2009-05-30 (03-01-24).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 167291

Time elapsed: 48 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

-------------------------------------------------------------------------------------------------------

MGTools.exe

MGlogs.zip



Hello Flutterbye

Welcome to Malwarebytes. :P

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Sorry it took so long. The first time I ran the second program it froze during the scan. The second time, when I tried to open the results log, it opened in 20 or 30 windows and began scrolling and deleting the log. I rebooted and received that blue screen error about dumping the physical memory again.

Here are the logs: Thanks again for your help!

OTL logfile created on: 5/30/2009 11:15:48 AM - Run 1

OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 149.21 Mb Available Physical Memory | 33.42% Memory free

1.03 Gb Paging File | 0.44 Gb Available in Paging File | 42.90% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 140.47 Gb Total Space | 122.31 Gb Free Space | 87.07% Space Free | Partition Type: NTFS

Drive D: | 8.56 Gb Total Space | 0.59 Gb Free Space | 6.90% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DAYTONGIRLS

Current User Name: Compaq_Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\WINDOWS\arservice.exe (Microsoft)

PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe ()

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\ARPWRMSG.EXE (Microsoft)

PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdmserv.exe (Lexmark International, Inc.)

PRC - C:\WINDOWS\system32\lxdmcoms.exe ( )

PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

PRC - C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)

PRC - C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)

PRC - C:\Program Files\Lexmark 5000 Series\lxdmmon.exe ()

PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan\McShield.exe (McAfee, Inc.)

PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe ()

PRC - C:\Program Files\Yahoo!\browser\ycommon.exe (Yahoo!, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Program Files\DISC\DiscStreamHub.exe (Digital Interactive Systems Corporation, Inc.)

PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)

PRC - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)

PRC - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdmPSWX.EXE ()

PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)

PRC - c:\Program Files\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (ARSVC [Auto | Running]) -- C:\WINDOWS\arservice.exe (Microsoft)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LeapFrog Connect Device Service [Auto | Running]) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe ()

SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (lxdmCATSCustConnectService [Auto | Running]) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe ()

SRV - (lxdm_device [Auto | Running]) -- C:\WINDOWS\system32\lxdmcoms.exe ( )

SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

SRV - (McShield [unknown | Running]) -- C:\Program Files\McAfee\VirusScan\McShield.exe (McAfee, Inc.)

SRV - (McSysmon [Disabled | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)

SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (AmdK8 [system | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)

DRV - (avgio [system | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira GmbH)

DRV - (avipbb [system | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)

DRV - (CCCP106 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cccp106.sys ()

DRV - (DCamUSBSQTECH [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SQcaptur.sys (Service & Quality Technology.)

DRV - (FlyUsb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\FlyUsb.sys (LeapFrog)

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)

DRV - (HSX_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DP.sys (Conexant Systems, Inc.)

DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (MCSTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)

DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (mfehidk [system | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (mfesmfk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)

DRV - (MPFP [system | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)

DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (NVENETFD [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)

DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (ssmdrv [system | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)

DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (winachsx [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (ZD1211BU(ZyDAS) [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys (ZyDAS Technology Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/28 11:56:18 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/27 00:50:47 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/28 11:56:40 | 00,000,000 | ---D | M]

[2009/04/19 21:45:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Extensions

[2009/04/19 21:45:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/04/19 21:45:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\mozilla\Firefox\Profiles\31r6n7p4.default\extensions

[2009/05/29 12:35:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/05/27 00:50:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/05/28 11:56:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/05/27 00:50:41 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/05/27 00:50:41 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/03/26 11:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/03/26 11:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/03/26 11:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/03/26 11:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/03/26 11:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/03/26 11:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

Hosts file not found

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft)

O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)

O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui (Digital Interactive Systems Corporation)

O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode File not found

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Lexmark 5000 Series Fax Server] "C:\Program Files\Lexmark 5000 Series\fm3032.exe" /s ()

O4 - HKLM..\Run: [lxdmamon] "C:\Program Files\Lexmark 5000 Series\lxdmamon.exe" ()

O4 - HKLM..\Run: [lxdmmon.exe] "C:\Program Files\Lexmark 5000 Series\lxdmmon.exe" ()

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)

O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide (McAfee, Inc.)

O4 - HKLM..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" ()

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

O4 - HKLM..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found

O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)

O4 - HKCU..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (Red Egg Software)

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (Red Egg Software)

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found

O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)

O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found

O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)

O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1171136630656 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1171136624750 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...570/mcfscan.cab (McFreeScan Class)

O16 - DPF: ActiveGS.cab http://www.virtualapple.org/activegs.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/30 21:02:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 08:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - * [2009/05/30 11:03:20 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]

[7 C:\WINDOWS\*.tmp files]

[2009/05/30 11:03:17 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe

[2009/05/30 02:05:30 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\562020501562.lnk

[2009/05/30 01:40:46 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\HJTInstall.exe

[2009/05/30 01:11:50 | 00,335,872 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\jrwife5.wps

[2009/05/29 23:05:13 | 00,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2009/05/29 23:04:23 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2009/05/29 23:04:23 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009/05/29 23:04:23 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2009/05/29 23:04:23 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2009/05/29 23:04:23 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2009/05/29 23:04:19 | 00,000,000 | ---D | C] -- C:\Program Files\Avira

[2009/05/29 23:04:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2009/05/29 23:00:53 | 30,075,904 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\avira_antivir_personal_en.exe

[2009/05/28 21:36:05 | 00,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/05/28 21:35:59 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/05/28 21:35:57 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/05/28 21:35:57 | 00,000,000 | ---D | C] -- C:\Program Files\yoyo

[2009/05/28 20:22:56 | 00,287,232 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\jrwife4.wps

[2009/05/28 18:56:46 | 46,824,2432 | -HS- | C] () -- C:\hiberfil.sys

[2009/05/28 11:40:37 | 03,003,735 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe

[2009/05/28 09:53:18 | 00,000,000 | ---D | C] -- C:\Program Files\MB

[2009/05/28 09:47:08 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2009/05/27 22:30:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8

[2009/05/27 11:45:23 | 06,406,688 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\SAS.exe

[2009/05/27 09:49:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009/05/27 00:24:26 | 00,126,343 | ---- | C] () -- C:\MGlogs.zip

[2009/05/27 00:24:23 | 00,000,000 | ---D | C] -- C:\MGtools

[2009/05/27 00:18:06 | 01,341,441 | ---- | C] () -- C:\MGtools.exe

[2009/05/25 21:53:45 | 00,075,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\derek.wps

[2009/05/25 21:37:57 | 00,084,992 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Michael.wps

[2009/05/24 22:34:24 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll

[2009/05/24 22:34:24 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll

[2009/05/24 22:34:24 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll

[2009/05/24 22:34:24 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll

[2009/05/24 22:34:24 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll

[2009/05/24 22:34:24 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll

[2009/05/24 22:34:24 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll

[2009/05/24 22:34:24 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll

[2009/05/24 22:34:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll

[2009/05/24 22:34:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll

[2009/05/24 22:34:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll

[2009/05/24 22:34:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll

[2009/05/24 00:15:50 | 00,090,624 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Personality profile.wps

[2009/05/23 23:22:37 | 00,333,824 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\jerrywife3.wps

[2009/05/23 10:56:48 | 00,363,008 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\jrwife.wps

[2009/05/23 01:57:29 | 00,270,848 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Jerrywife.wps

[2009/05/19 10:36:24 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/05/19 02:06:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\temp

[2009/05/19 01:59:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/05/19 01:59:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/05/19 01:59:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/05/19 01:59:17 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe

[2009/05/19 01:59:17 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/05/19 01:59:17 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/05/19 01:59:17 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/05/19 01:59:17 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/05/19 01:59:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/05/19 01:55:34 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/05/18 22:57:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2009/05/18 22:50:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue

[2009/05/18 22:46:36 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\vundohhelp.wps

[2009/05/18 22:26:52 | 06,367,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\SUPERAntiSpyware.exe

[2009/05/18 22:25:10 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\My Documents\mb.exe

[2009/05/18 15:05:48 | 00,001,556 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\CCleaner.lnk

[2009/05/18 15:05:42 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/05/15 14:20:46 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\9B0A23

[2009/05/15 13:45:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/05/15 13:25:50 | 00,093,696 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\myvundoremovalguide.wps

[2009/05/14 17:38:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/05/06 19:06:17 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Avon Campaign Emails Messages.wps

[2009/05/03 18:35:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Google

[2009/05/03 18:35:37 | 00,000,000 | ---D | C] -- C:\Program Files\Google

[2009/05/03 17:04:06 | 00,000,553 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\AVIConverter.lnk

[2009/05/03 17:04:05 | 00,000,000 | ---D | C] -- C:\Program Files\AVIConverter

[2009/05/02 18:17:45 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys

[2009/05/02 18:17:45 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys

[2009/04/30 14:05:36 | 00,014,336 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\cooking supplies.wps

[2009/04/20 11:02:28 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{512A31DE-EA49-4AEC-AE64-AEF842DE8ABA}_WiseFW.ini

[2009/03/06 14:46:24 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2009/03/06 14:46:24 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL

[2009/02/09 10:14:48 | 00,000,108 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI

[2009/01/19 19:54:51 | 00,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini

[2009/01/19 19:53:04 | 00,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV

[2009/01/19 19:52:41 | 00,117,760 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL

[2009/01/19 19:52:23 | 00,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL

[2009/01/19 19:52:23 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL

[2008/09/26 09:23:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2008/07/11 13:18:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2008/05/29 16:33:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini

[2008/01/29 00:44:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdmvs.dll

[2008/01/29 00:44:36 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdmcoin.dll

[2008/01/29 00:43:25 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdmcaps.dll

[2008/01/29 00:43:24 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdmdrs.dll

[2008/01/29 00:43:24 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmcnv4.dll

[2008/01/29 00:42:30 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDMPMON.DLL

[2008/01/29 00:42:30 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDMFXPU.DLL

[2008/01/29 00:42:09 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdmoem.dll

[2008/01/29 00:31:55 | 00,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdmrwrd.ini

[2008/01/29 00:31:38 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdminst.dll

[2008/01/29 00:31:37 | 00,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhcp.dll

[2008/01/29 00:31:36 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdminpa.dll

[2008/01/29 00:31:35 | 00,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmusb1.dll

[2008/01/29 00:31:35 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmiesc.dll

[2008/01/29 00:31:34 | 01,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmserv.dll

[2008/01/29 00:31:33 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmpmui.dll

[2008/01/29 00:31:33 | 00,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmlmpm.dll

[2008/01/29 00:31:33 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmprox.dll

[2008/01/29 00:31:30 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmhbn3.dll

[2008/01/29 00:31:29 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdmgrd.dll

[2008/01/29 00:31:27 | 00,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomc.dll

[2008/01/29 00:31:27 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdmcomm.dll

[2008/01/10 01:57:03 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\EF3971DDAF.sys

[2008/01/10 00:41:24 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2007/12/27 21:43:54 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini

[2007/06/12 16:06:30 | 00,000,307 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/04/02 17:37:06 | 00,227,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\cccp106.sys

[2007/04/02 17:37:06 | 00,036,864 | ---- | C] () -- C:\WINDOWS\JPGL.DLL

[2007/04/02 17:37:06 | 00,032,768 | ---- | C] () -- C:\WINDOWS\DIV_IYUV.DLL

[2007/04/02 17:37:05 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dcccp106.dll

[2007/04/02 17:37:05 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\vcccp106.dll

[2007/04/02 17:37:05 | 00,015,542 | ---- | C] () -- C:\WINDOWS\cccp106.ini

[2007/04/02 17:37:05 | 00,000,321 | ---- | C] () -- C:\WINDOWS\DC2110a.ini

[2006/11/20 03:43:36 | 00,000,031 | ---- | C] () -- C:\WINDOWS\album.ini

[2006/11/10 14:43:50 | 00,001,065 | ---- | C] () -- C:\WINDOWS\photoprn.ini

[2006/11/10 14:42:47 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini

[2006/11/09 21:21:48 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2006/08/01 14:48:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/08/01 14:21:38 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys

[2006/08/01 14:13:57 | 00,012,987 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2006/08/01 14:13:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2006/08/01 14:10:22 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/08/01 13:59:52 | 00,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2006/08/01 13:58:31 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini

[2006/08/01 13:52:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2006/08/01 13:48:47 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/08/01 13:48:47 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/08/01 13:48:47 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/08/01 13:48:47 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/08/01 13:48:47 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/08/01 13:48:47 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/08/01 13:48:47 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/08/01 13:47:18 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006/08/01 13:25:33 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2006/06/16 11:58:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/08/30 21:02:00 | 00,000,831 | ---- | C] () -- C:\WINDOWS\win.ini

[2005/08/30 13:52:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2005/08/05 21:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005/08/02 23:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll

[2004/07/26 07:51:38 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/07/14 12:30:28 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]

[5 C:\WINDOWS\System32\*.tmp files]

[7 C:\WINDOWS\*.tmp files]

[2009/05/30 11:14:12 | 00,017,661 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF

[2009/05/30 11:03:20 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe

[2009/05/30 10:46:47 | 00,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2009/05/30 10:41:39 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/05/30 10:41:14 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\desktop.ini

[2009/05/30 10:41:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/05/30 10:41:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/05/30 10:41:02 | 46,824,2432 | -HS- | M] () -- C:\hiberfil.sys

[2009/05/30 09:34:10 | 00,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6E6FCB2B-A5EC-43FA-8250-FFE76435C16B}.job

[2009/05/30 03:52:56 | 00,126,343 | ---- | M] () -- C:\MGlogs.zip

[2009/05/30 03:52:45 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/05/30 02:05:31 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\562020501562.lnk

[2009/05/30 01:40:47 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\HJTInstall.exe

[2009/05/30 01:11:54 | 00,019,086 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat

[2009/05/30 01:11:53 | 00,335,872 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\jrwife5.wps

[2009/05/29 23:05:13 | 00,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2009/05/29 23:01:38 | 30,075,904 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\avira_antivir_personal_en.exe

[2009/05/28 21:36:05 | 00,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/05/28 20:22:57 | 00,287,232 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\jrwife4.wps

[2009/05/28 11:40:50 | 03,003,735 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe

[2009/05/27 11:45:24 | 06,406,688 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\SAS.exe

[2009/05/27 09:53:26 | 00,000,831 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/05/27 09:53:26 | 00,000,279 | RHS- | M] () -- C:\boot.ini

[2009/05/27 09:53:26 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/05/27 00:18:06 | 01,341,441 | ---- | M] () -- C:\MGtools.exe

[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/05/25 22:08:22 | 00,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma

[2009/05/25 22:08:22 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\9B0A23

[2009/05/25 21:53:46 | 00,075,264 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\derek.wps

[2009/05/25 21:37:58 | 00,084,992 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Michael.wps

[2009/05/24 00:27:12 | 00,090,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Personality profile.wps

[2009/05/23 23:22:38 | 00,333,824 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\jerrywife3.wps

[2009/05/23 11:27:29 | 00,002,523 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 9.lnk

[2009/05/23 10:56:48 | 00,363,008 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\jrwife.wps

[2009/05/23 01:57:29 | 00,270,848 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Jerrywife.wps

[2009/05/18 22:46:36 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\vundohhelp.wps

[2009/05/18 22:26:52 | 06,367,264 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\SUPERAntiSpyware.exe

[2009/05/18 22:25:24 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\My Documents\mb.exe

[2009/05/18 16:29:55 | 00,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI

[2009/05/18 15:05:50 | 00,001,556 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\CCleaner.lnk

[2009/05/15 13:25:54 | 00,093,696 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\myvundoremovalguide.wps

[2009/05/15 01:11:27 | 00,000,370 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job

[2009/05/14 17:50:08 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe

[2009/05/07 00:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/05/06 19:06:18 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Avon Campaign Emails Messages.wps

[2009/05/03 17:04:06 | 00,000,553 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\AVIConverter.lnk

[2009/05/01 01:02:58 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job

[2009/04/30 14:05:36 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\cooking supplies.wps

========== LOP Check ==========

[2009/05/29 23:04:19 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data

[2008/01/29 00:41:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5000 Series

[2007/02/05 11:23:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/05/28 09:33:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8

[2009/05/29 23:04:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira

[2006/12/14 14:46:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA

[2006/08/01 14:06:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2007/07/16 16:40:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation

[2009/05/14 21:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2006/08/01 14:41:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard

[2006/08/01 13:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield

[2006/08/01 14:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit

[2009/04/19 23:14:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog

[2009/04/19 20:16:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/04/20 01:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2009/03/06 14:46:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2007/10/23 21:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles

[2007/08/26 18:10:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2008/07/11 13:20:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime

[2006/11/28 00:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2006/08/01 13:48:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2009/04/20 01:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor

[2006/08/01 13:54:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic

[2009/05/28 18:53:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2009/05/18 22:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2009/04/20 00:53:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2009/05/14 22:05:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/10/09 20:42:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R

[2007/05/17 23:25:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2006/11/10 13:14:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks

[2009/03/26 11:25:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2007/02/10 12:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2007/12/16 15:15:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO

[2009/04/15 15:11:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2009/04/15 15:19:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

[2009/05/30 01:11:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data

[2008/01/29 01:06:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\5000 Series

[2009/03/20 13:05:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe

[2008/06/01 18:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM

[2006/11/20 21:39:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Aim

[2006/11/20 03:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ArcSoft

[2007/01/05 11:42:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\CyberLink

[2009/04/19 20:08:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\GetRightToGo

[2009/05/14 18:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Google

[2007/11/03 14:31:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\HP

[2006/11/15 12:22:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\HPQ

[2005/11/14 18:04:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Identities

[2008/07/19 16:54:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ieSpell

[2006/08/01 14:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit

[2009/04/10 21:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\iudboecd

[2008/01/10 01:53:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Jasc Software Inc

[2008/01/29 01:22:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Lexmark Productivity Studio

[2007/04/12 19:39:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia

[2009/04/19 20:16:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes

[2009/03/28 18:40:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\McAfee

[2009/05/28 09:32:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft

[2009/05/27 09:14:58 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Move Networks

[2009/04/19 21:45:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla

[2008/04/25 11:14:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Real

[2007/02/04 21:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Sun

[2006/12/04 15:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Template

[2009/05/18 22:50:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue

[2007/05/17 23:25:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Viewpoint

[2007/07/31 13:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch

[2009/04/15 15:11:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\yahoo!

[2004/08/10 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/05/15 01:11:27 | 00,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job

[2009/05/01 01:02:58 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

[2009/05/30 10:41:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009/05/30 09:34:10 | 00,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6E6FCB2B-A5EC-43FA-8250-FFE76435C16B}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

*****************

OTL Extras logfile created on: 5/30/2009 11:15:48 AM - Run 1

OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 149.21 Mb Available Physical Memory | 33.42% Memory free

1.03 Gb Paging File | 0.44 Gb Available in Paging File | 42.90% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 140.47 Gb Total Space | 122.31 Gb Free Space | 87.07% Space Free | Partition Type: NTFS

Drive D: | 8.56 Gb Total Space | 0.59 Gb Free Space | 6.90% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DAYTONGIRLS

Current User Name: Compaq_Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

C:\Program Files\DISC\DiscStreamHub.exe:*:Disabled:DISCover Stream Hub (Digital Interactive Systems Corporation, Inc.)

C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox (Mozilla Corporation)

C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)

C:\Program Files\Lexmark 5000 Series\lxdmmon.exe:*:Disabled:Printer Device Monitor ()

C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 (Microsoft Corporation)

C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe File not found

C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe File not found

C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe File not found

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1

"{512A31DE-EA49-4AEC-AE64-AEF842DE8ABA}" = LeapFrog Connect

"{53661815-565E-4553-9D1A-D0666336B1C9}" = ArcSoft Software Suite

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54AA707B-68DA-49A4-9916-68DD670241BD}" = AT&T Yahoo! Music Jukebox

"{581CE7EA-A30D-0000-1211-088635773309}" = 2WIRE Wireless LAN - USB Driver

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig

"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3

"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config

"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery

"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D2FCC296-2DAA-44BE-A324-0F8222C187E0}" = LeapFrog Tag Plugin

"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview

"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"0E5906722E3ECA13747F1633D3F55E9F47120424" = Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)

"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic

"225af9a1-b556-11d5-94aa-0010b5426419" = MyDSC_CIF

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player

"AVIConverter" = AVIConverter 3.0

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AwayMode160" = Microsoft Away Mode

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"BroadJump Client Foundation" = BroadJump Client Foundation

"CAL" = Canon Camera Access Library

"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX

"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CCleaner" = CCleaner (remove only)

"CIF USB Camera (2110A)" = CIF USB Camera (2110A)

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP

"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8

"CSCLIB" = Canon Camera Support Core Library

"DISCover" = HP Games 3.43.97

"EOS Utility" = Canon Utilities EOS Utility

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.5

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"ieSpell" = ieSpell

"InterActual Player" = InterActual Player

"Jay Jay Earns His Wings" = Jay Jay Earns His Wings

"Lexmark 5000 Series" = Lexmark 5000 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)

"MSC" = McAfee SecurityCenter

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"PhotoStitch" = Canon Utilities PhotoStitch

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RealPlayer 6.0" = RealPlayer

"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX

"Rhapsody" = Rhapsody

"Rrm1_32.exe" = Reader Rabbit's Math 1

"Shop for HP Supplies" = Shop for HP Supplies

"UPCShell" = LeapFrog Connect

"ViewpointMediaPlayer" = Viewpoint Media Player

"WildTangent compaq Master Uninstall" = My HP Games

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Applications" = AT&T Yahoo! Applications

"Yahoo! Software Update" = Yahoo! Software Update

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/30/2009 1:24:35 PM | Computer Name = DAYTONGIRLS | Source = .NET Runtime 2.0 Error Reporting | ID = 5000

Description = EventType clr20r3, P1 lxdmamon.exe, P2 1.0.2708.12784, P3 46600bb0,

P4 amon, P5 1.0.2708.12784, P6 46600bb0, P7 1, P8 0, P9 system.typeinitialization,

P10 NIL.

Error - 5/30/2009 1:28:10 PM | Computer Name = DAYTONGIRLS | Source = .NET Runtime | ID = 0

Description =

Error - 5/30/2009 1:31:16 PM | Computer Name = DAYTONGIRLS | Source = .NET Runtime | ID = 0

Description =

Error - 5/30/2009 1:34:42 PM | Computer Name = DAYTONGIRLS | Source = .NET Runtime | ID = 0

Description =

Error - 5/30/2009 1:41:36 PM | Computer Name = DAYTONGIRLS | Source = .NET Runtime | ID = 0

Description =

Error - 5/30/2009 1:44:33 PM | Computer Name = DAYTONGIRLS | Source = .NET Runtime 2.0 Error Reporting | ID = 5000

Description = EventType clr20r3, P1 lxdmamon.exe, P2 1.0.2708.12784, P3 46600bb0,

P4 amon, P5 1.0.2708.12784, P6 46600bb0, P7 1, P8 0, P9 system.typeinitialization,

P10 NIL.

Error - 5/30/2009 1:45:57 PM | Computer Name = DAYTONGIRLS | Source = .NET Runtime | ID = 0

Description =

Error - 5/30/2009 2:01:24 PM | Computer Name = DAYTONGIRLS | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2009 2:01:31 PM | Computer Name = DAYTONGIRLS | Source = Application Hang | ID = 1001

Description = Fault bucket 1180947459.

Error - 5/30/2009 2:07:40 PM | Computer Name = DAYTONGIRLS | Source = .NET Runtime 2.0 Error Reporting | ID = 5000

Description = EventType clr20r3, P1 lxdmamon.exe, P2 1.0.2708.12784, P3 46600bb0,

P4 amon, P5 1.0.2708.12784, P6 46600bb0, P7 1, P8 0, P9 system.typeinitialization,

P10 NIL.

[ System Events ]

Error - 5/30/2009 1:36:24 PM | Computer Name = DAYTONGIRLS | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

ftsata2

Error - 5/30/2009 1:37:00 PM | Computer Name = DAYTONGIRLS | Source = DCOM | ID = 10010

Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register

with DCOM within the required timeout.

Error - 5/30/2009 1:39:17 PM | Computer Name = DAYTONGIRLS | Source = DCOM | ID = 10010

Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register

with DCOM within the required timeout.

Error - 5/30/2009 1:42:07 PM | Computer Name = DAYTONGIRLS | Source = DCOM | ID = 10010

Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register

with DCOM within the required timeout.

Error - 5/30/2009 1:43:00 PM | Computer Name = DAYTONGIRLS | Source = System Error | ID = 1003

Description = Error code 100000d1, parameter1 e21c2000, parameter2 00000002, parameter3

00000000, parameter4 f3667b00.

Error - 5/30/2009 1:43:54 PM | Computer Name = DAYTONGIRLS | Source = Service Control Manager | ID = 7000

Description = The hfusm service failed to start due to the following error: %%2

Error - 5/30/2009 1:43:54 PM | Computer Name = DAYTONGIRLS | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

ftsata2

Error - 5/30/2009 1:44:25 PM | Computer Name = DAYTONGIRLS | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the NVSvc service.

Error - 5/30/2009 1:46:27 PM | Computer Name = DAYTONGIRLS | Source = DCOM | ID = 10010

Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register

with DCOM within the required timeout.

Error - 5/30/2009 2:07:55 PM | Computer Name = DAYTONGIRLS | Source = Print | ID = 6161

Description = The document Untitled owned by Compaq_Administrator failed to print

on printer Lexmark 5000 Series. Data type: LEMF. Size of the spool file in bytes:

1079628. Number of bytes printed: 1079628. Total number of pages in the document:

2. Number of pages printed: 0. Client machine: \\DAYTONGIRLS. Win32 error code

returned by the print processor: 0 (0x0).

< End of report >

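Added triage example (not code from GMER, OTL, Malwarebytes or the poster): the GMER log further down in this thread lists kernel and user-mode hooks. Most are attributed by GMER to McAfee's mfehidk.sys, but a few (IofCallDriver, IofCompleteRequest, ZwFlushInstructionCache, and the ntdll/kernel32/ADVAPI32 hooks inside winlogon.exe and services.exe) jump to addresses GMER maps to no loaded module. The script below parses the three hook-line shapes GMER prints and separates attributed from unattributed hooks. SAMPLE is an excerpt copied from that log; the vendor grouping and the "review unattributed first" rule are the example's own, not GMER's.

```python
"""Triage a GMER hook listing: split hooks GMER attributed to a loaded module
from those it could not, and group the attributed ones by vendor.
Added example for this thread, not GMER/OTL code. SAMPLE is an excerpt copied
from the GMER output posted in this thread; the rules applied are the example's."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# "System" section lines:  Code <module> (<desc>) <func> [0x<addr>]   or   Code <addr> <func>
SYSTEM_RE = re.compile(
    r"^Code\s+(?:(?P<dest>[0-9A-Fa-f]{8})|(?P<module>\S+)\s+\((?P<desc>[^)]*)\))"
    r"\s+(?P<func>\S+)(?:\s+\[0x(?P<addr>[0-9A-Fa-f]{8})\])?\s*$"
)
# "Kernel/User code sections" lines:  <sect> <target> <addr> <n> Bytes JMP <dest> [<module> (<desc>)]
CODE_RE = re.compile(
    r"^(?P<sect>\S+)\s+(?P<target>.+?)\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<dest>[0-9A-Fa-f]{8})(?:\s+(?P<module>.+?)\s+\((?P<desc>[^)]*)\))?\s*$"
)
# user-mode target looks like "<image path>[<pid>] <dll>!<func>"
PROC_RE = re.compile(r"^(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<func>\S+)$")


@dataclass
class Hook:
    scope: str             # "kernel" or the hooked process image name
    func: str              # hooked routine, e.g. ntkrnlpa.exe!IofCallDriver
    dest: Optional[str]    # where the patched code jumps, when GMER printed it
    module: Optional[str]  # module GMER attributed the hook to, if any
    vendor: Optional[str]  # vendor part of GMER's "(description/vendor)" field

    @property
    def attributed(self) -> bool:
        return self.module is not None


def _vendor(desc: Optional[str]) -> Optional[str]:
    return desc.rsplit("/", 1)[-1].strip() if desc else None


def parse_gmer(text: str) -> List[Hook]:
    """Turn the hook lines of a GMER log into Hook records; other lines are skipped."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        line = line.strip()
        m = SYSTEM_RE.match(line)
        if m:
            hooks.append(Hook("kernel", m["func"], m["dest"] or m["addr"],
                              m["module"], _vendor(m["desc"])))
            continue
        m = CODE_RE.match(line)
        if not m:
            continue
        p = PROC_RE.match(m["target"])
        if p:   # user-mode hook: scope is the process image, e.g. services.exe
            scope, func = p["proc"].rsplit("\\", 1)[-1].lower(), p["func"]
        else:   # kernel hook: target is already "ntkrnlpa.exe!<routine>"
            scope, func = "kernel", m["target"]
        hooks.append(Hook(scope, func, m["dest"], m["module"], _vendor(m["desc"])))
    return hooks


def triage(hooks: List[Hook]) -> dict:
    """Per-vendor counts for attributed hooks; per-scope list of unattributed ones.
    Unattributed hooks are reviewed first: the patched routine jumps to memory
    GMER could not map to any loaded driver or executable."""
    by_vendor = Counter(h.vendor for h in hooks if h.attributed)
    unattributed: dict = {}
    for h in hooks:
        if not h.attributed:
            unattributed.setdefault(h.scope, []).append((h.func, h.dest))
    return {"by_vendor": dict(by_vendor), "unattributed": unattributed}


# Excerpt of the GMER log posted in this thread (a few lines from each section).
SAMPLE = r"""
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF33159AA]
Code 84B157A8 ZwFlushInstructionCache
Code 84B026FE IofCallDriver
Code 84AF6746 IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 84B02703
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 84AF674B
.text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP F33159D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 84B157AC
---- User code sections - GMER 1.0.15 ----
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\services.exe[580] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00070025
"""

if __name__ == "__main__":
    print(triage(parse_gmer(SAMPLE)))
```

Attribution rests on the description string GMER reads from the module, and products that inject their own code into other processes are a legitimate source of unattributed user-mode hooks, so the output narrows what to examine rather than deciding what is malicious. The kernel entries that resolve to no driver image (here the IofCallDriver, IofCompleteRequest and ZwFlushInstructionCache hooks into 84xxxxxx addresses) are the ones to check first against the list of loaded drivers.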

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-05-30 15:29:22

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF33159AA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF3315A41]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF3315958]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF331596C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF3315A55]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF3315A81]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF3315AF4]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF3315AD9]

Code 84B157A8 ZwFlushInstructionCache

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF33159EA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF3315B1E]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF3315A2D]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF3315930]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF3315944]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF33159BE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF3315B5A]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF3315AC3]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF3315AAD]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF3315A6B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF3315B46]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF3315B32]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF3315996]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF3315982]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF3315A97]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF3315A19]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF3315B08]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF3315A00]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF33159D4]

Code 84B026FE IofCallDriver

Code 84AF6746 IofCompleteRequest

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 84B02703

.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 84AF674B

.text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP F33159D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP F33159AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtMapViewOfSection 805A7500 7 Bytes JMP F33159EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8316 5 Bytes JMP F3315A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 84B157AC

PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA94 7 Bytes JMP F33159C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenProcess 805C1322 5 Bytes JMP F3315934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenThread 805C15AE 5 Bytes JMP F3315948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE0 5 Bytes JMP F3315986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F6 7 Bytes JMP F3315970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AC 5 Bytes JMP F331595C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B6 5 Bytes JMP F331599A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB6 5 Bytes JMP F3315A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwQueryValueKey 80618568 7 Bytes JMP F3315AB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetValueKey 806188B6 7 Bytes JMP F3315A9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwUnloadKey 80618BE0 7 Bytes JMP F3315B0C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 8061947E 7 Bytes JMP F3315AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRenameKey 80619D52 7 Bytes JMP F3315A6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateKey 8061A330 5 Bytes JMP F3315A45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7C0 7 Bytes JMP F3315A59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A990 7 Bytes JMP F3315A85 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP F3315AF8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8061ADDA 7 Bytes JMP F3315ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwOpenKey 8061B702 5 Bytes JMP F3315A31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwQueryKey 8061BA28 7 Bytes JMP F3315B5E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRestoreKey 8061BCE8 5 Bytes JMP F3315B36 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwReplaceKey 8061C3DC 5 Bytes JMP F3315B4A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8061C4F6 5 Bytes JMP F3315B22 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[252] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0080000A

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[252] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0081000A

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text C:\Program Files\McAfee\VirusScan\McShield.exe[404] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006D000A

.text C:\Program Files\McAfee\VirusScan\McShield.exe[404] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006E000A

.text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0064000A

.text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0065000A

.text C:\WINDOWS\system32\services.exe[580] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0064000A

.text C:\WINDOWS\system32\services.exe[580] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0065000A

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD0000

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FD0F57

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FD0F72

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FD0F83

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FD0040

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FD0FA8

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FD0078

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FD0067

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FD00A4

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FD0093

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FD00BF

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FD002F

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FD0FEF

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FD0F3C

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FD0FCD

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FD0FDE

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FD0F15

.text C:\WINDOWS\system32\services.exe[580] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00070025

.text C:\WINDOWS\system32\services.exe[580] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0007006C

.text C:\WINDOWS\system32\services.exe[580] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00070014

.text C:\WINDOWS\system32\services.exe[580] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00070FDE

.text C:\WINDOWS\system32\services.exe[580] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00070FAF

.text C:\WINDOWS\system32\services.exe[580] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00070FEF

.text C:\WINDOWS\system32\services.exe[580] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0007005B

.text C:\WINDOWS\system32\services.exe[580] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00070036

.text C:\WINDOWS\system32\services.exe[580] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060F75

.text C:\WINDOWS\system32\services.exe[580] msvcrt.dll!system 77C293C7 5 Bytes JMP 00060F90

.text C:\WINDOWS\system32\services.exe[580] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00060000

.text C:\WINDOWS\system32\services.exe[580] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060FE3

.text C:\WINDOWS\system32\services.exe[580] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060FA1

.text C:\WINDOWS\system32\services.exe[580] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060FC6

.text C:\WINDOWS\system32\services.exe[580] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00040FEF

.text C:\WINDOWS\system32\services.exe[580] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00040FD4

.text C:\WINDOWS\system32\services.exe[580] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00040FC3

.text C:\WINDOWS\system32\services.exe[580] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00040014

.text C:\WINDOWS\system32\services.exe[580] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00050000

.text C:\WINDOWS\system32\lsass.exe[592] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006F000A

.text C:\WINDOWS\system32\lsass.exe[592] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0072000A

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01030FEF

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01030F49

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01030F64

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01030F75

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01030F86

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01030FAB

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01030F11

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01030063

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01030F00

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01030099

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01030EEF

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01030028

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01030FDE

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01030F38

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01030FBC

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01030FCD

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0103007E

.text C:\WINDOWS\system32\lsass.exe[592] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0102001B

.text C:\WINDOWS\system32\lsass.exe[592] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01020FA5

.text C:\WINDOWS\system32\lsass.exe[592] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01020000

.text C:\WINDOWS\system32\lsass.exe[592] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01020FCA

.text C:\WINDOWS\system32\lsass.exe[592] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01020062

.text C:\WINDOWS\system32\lsass.exe[592] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01020FEF

.text C:\WINDOWS\system32\lsass.exe[592] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01020051

.text C:\WINDOWS\system32\lsass.exe[592] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01020040

.text C:\WINDOWS\system32\lsass.exe[592] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01010075

.text C:\WINDOWS\system32\lsass.exe[592] msvcrt.dll!system 77C293C7 5 Bytes JMP 01010064

.text C:\WINDOWS\system32\lsass.exe[592] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0101002E

.text C:\WINDOWS\system32\lsass.exe[592] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01010000

.text C:\WINDOWS\system32\lsass.exe[592] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0101003F

.text C:\WINDOWS\system32\lsass.exe[592] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01010011

.text C:\WINDOWS\system32\lsass.exe[592] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FB0000

.text C:\WINDOWS\system32\lsass.exe[592] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00F20000

.text C:\WINDOWS\system32\lsass.exe[592] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00F20FE5

.text C:\WINDOWS\system32\lsass.exe[592] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00F2001B

.text C:\WINDOWS\system32\lsass.exe[592] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00F20FC0

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01290000

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 012900AB

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0129009A

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01290FB6

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01290073

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01290051

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012900F4

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 012900D9

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01290F6C

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01290F87

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0129012A

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01290062

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01290011

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 012900BC

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01290036

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01290FE5

.text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01290105

.text C:\WINDOWS\system32\svchost.exe[776] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01280FD4

.text C:\WINDOWS\system32\svchost.exe[776] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01280F72

.text C:\WINDOWS\system32\svchost.exe[776] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01280025

.text C:\WINDOWS\system32\svchost.exe[776] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0128000A

.text C:\WINDOWS\system32\svchost.exe[776] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01280F8D

.text C:\WINDOWS\system32\svchost.exe[776] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01280FEF

.text C:\WINDOWS\system32\svchost.exe[776] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01280F9E

.text C:\WINDOWS\system32\svchost.exe[776] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [48, 89]

.text C:\WINDOWS\system32\svchost.exe[776] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01280FAF

.text C:\WINDOWS\system32\svchost.exe[776] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01270FB4

.text C:\WINDOWS\system32\svchost.exe[776] msvcrt.dll!system 77C293C7 5 Bytes JMP 0127003F

.text C:\WINDOWS\system32\svchost.exe[776] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01270FD9

.text C:\WINDOWS\system32\svchost.exe[776] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0127000C

.text C:\WINDOWS\system32\svchost.exe[776] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0127002E

.text C:\WINDOWS\system32\svchost.exe[776] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0127001D

.text C:\WINDOWS\system32\svchost.exe[776] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00FF0FEF

.text C:\WINDOWS\system32\svchost.exe[776] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00FF0FD4

.text C:\WINDOWS\system32\svchost.exe[776] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00FF0FC3

.text C:\WINDOWS\system32\svchost.exe[776] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00FF0014

.text C:\WINDOWS\system32\svchost.exe[776] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01260FE5

.text C:\WINDOWS\ehome\ehtray.exe[816] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A9000A

.text C:\WINDOWS\ehome\ehtray.exe[816] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AA000A

.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[824] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D3000A

.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[824] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D4000A

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011C0000

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011C0F7E

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011C0F8F

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011C0FA0

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011C0FBD

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011C004E

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011C0F52

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011C009A

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011C00C9

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011C0F30

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011C0F1F

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 011C005F

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011C0011

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011C0F6D

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 011C003D

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 011C002C

.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011C0F41

.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 011B0025

.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 011B0F7C

.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 011B0FD4

.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 011B0000

.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 011B0F97

.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 011B0FEF

.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 011B0FA8

.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [3B, 89]

.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 011B0FC3

.text C:\WINDOWS\system32\svchost.exe[860] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 011A0F89

.text C:\WINDOWS\system32\svchost.exe[860] msvcrt.dll!system 77C293C7 5 Bytes JMP 011A0F9A

.text C:\WINDOWS\system32\svchost.exe[860] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 011A0FC6

.text C:\WINDOWS\system32\svchost.exe[860] msvcrt.dll!_open 77C2F566 5 Bytes JMP 011A0FEF

.text C:\WINDOWS\system32\svchost.exe[860] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 011A0FAB

.text C:\WINDOWS\system32\svchost.exe[860] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 011A0000

.text C:\WINDOWS\system32\svchost.exe[860] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00FF0FEF

.text C:\WINDOWS\system32\svchost.exe[860] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00FF0FDE

.text C:\WINDOWS\system32\svchost.exe[860] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00FF0FCD

.text C:\WINDOWS\system32\svchost.exe[860] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00FF001E

.text C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01190000

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 028B0000

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 028B0F83

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 028B0F94

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 028B0FA5

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 028B0058

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 028B002C

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 028B0F57

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 028B0F72

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 028B0F21

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 028B0F3C

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 028B00D5

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 028B003D

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 028B0FE5

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 028B0093

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 028B0FC0

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 028B0011

.text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 028B00C4

.text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 028A0FC0

.text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 028A0051

.text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 028A001B

.text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 028A0FE5

.text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 028A0F94

.text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 028A0000

.text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 028A002C

.text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 028A0FAF

.text C:\WINDOWS\System32\svchost.exe[908] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0289004E

.text C:\WINDOWS\System32\svchost.exe[908] msvcrt.dll!system 77C293C7 5 Bytes JMP 0289003D

.text C:\WINDOWS\System32\svchost.exe[908] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02890018

.text C:\WINDOWS\System32\svchost.exe[908] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02890FEF

.text C:\WINDOWS\System32\svchost.exe[908] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02890FCD

.text C:\WINDOWS\System32\svchost.exe[908] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02890FDE

.text C:\WINDOWS\System32\svchost.exe[908] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 01B20FEF

.text C:\WINDOWS\System32\svchost.exe[908] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 01B20FD4

.text C:\WINDOWS\System32\svchost.exe[908] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 01B20FC3

.text C:\WINDOWS\System32\svchost.exe[908] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 01B20FA8

.text C:\WINDOWS\System32\svchost.exe[908] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02740FE5

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40000

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F40F94

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F4007F

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F40FA5

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40FC0

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F40047

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F400B5

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F40F6D

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F40F1C

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F40F37

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F40F0B

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F40062

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F40FEF

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F4009A

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F40036

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F40025

.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F40F52

.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F30FE5

.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F30058

.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F3002C

.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F3001B

.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F30FA5

.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F3000A

.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F30047

.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F30FCA

.text C:\WINDOWS\system32\svchost.exe[972] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F2004E

.text C:\WINDOWS\system32\svchost.exe[972] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F20FC3

.text C:\WINDOWS\system32\svchost.exe[972] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F20029

.text C:\WINDOWS\system32\svchost.exe[972] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F20000

.text C:\WINDOWS\system32\svchost.exe[972] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F20FD4

.text C:\WINDOWS\system32\svchost.exe[972] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F20FEF

.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00B10FEF

.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00B10FD4

.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00B1000A

.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00B10FC3

.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F10FE5

.text C:\Program Files\DISC\DISCover.exe[1004] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0162000A

.text C:\Program Files\DISC\DISCover.exe[1004] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0163000A

.text C:\WINDOWS\RTHDCPL.EXE[1068] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01A5000A

.text C:\WINDOWS\RTHDCPL.EXE[1068] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 01A6000A

.text C:\WINDOWS\system32\spoolsv.exe[1160] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0097000A

.text C:\WINDOWS\system32\spoolsv.exe[1160] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0098000A

.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1216] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0089000A

.text C:\Program Files\McAfee\MPF\MPFSrv.exe[1216] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008A000A

.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1276] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0099000A

.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1276] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009B000A

.text C:\WINDOWS\ARPWRMSG.EXE[1308] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0085000A

.text C:\WINDOWS\ARPWRMSG.EXE[1308] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0086000A

.text C:\WINDOWS\Explorer.EXE[1352] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C0000A

.text C:\WINDOWS\Explorer.EXE[1352] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C1000A

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025B0000

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025B0087

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025B006C

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025B0F9E

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025B005B

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025B0FB9

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025B0F77

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025B00BF

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025B0F52

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025B00EB

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025B0F37

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 025B0040

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 025B0FE5

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 025B00A2

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 025B001B

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 025B0FCA

.text C:\WINDOWS\Explorer.EXE[1352] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 025B00D0

.text C:\WINDOWS\Explorer.EXE[1352] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 011E0036

.text C:\WINDOWS\Explorer.EXE[1352] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 011E007A

.text C:\WINDOWS\Explorer.EXE[1352] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 011E0FE5

.text C:\WINDOWS\Explorer.EXE[1352] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 011E001B

.text C:\WINDOWS\Explorer.EXE[1352] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 011E0069

.text C:\WINDOWS\Explorer.EXE[1352] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 011E0000

.text C:\WINDOWS\Explorer.EXE[1352] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 011E0058

.text C:\WINDOWS\Explorer.EXE[1352] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 011E0047

.text C:\WINDOWS\Explorer.EXE[1352] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 011D0047

.text C:\WINDOWS\Explorer.EXE[1352] msvcrt.dll!system 77C293C7 5 Bytes JMP 011D0036

.text C:\WINDOWS\Explorer.EXE[1352] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 011D0FCD

.text C:\WINDOWS\Explorer.EXE[1352] msvcrt.dll!_open 77C2F566 5 Bytes JMP 011D0FEF

.text C:\WINDOWS\Explorer.EXE[1352] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 011D0FBC

.text C:\WINDOWS\Explorer.EXE[1352] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 011D0FDE

.text C:\WINDOWS\Explorer.EXE[1352] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 011B0FEF

.text C:\WINDOWS\Explorer.EXE[1352] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 011B0FD4

.text C:\WINDOWS\Explorer.EXE[1352] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 011B0014

.text C:\WINDOWS\Explorer.EXE[1352] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 011B0FC3

.text C:\WINDOWS\Explorer.EXE[1352] WS2_32.dll!socket 71AB4211 5 Bytes JMP 011C0FEF

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01020000

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01020069

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01020058

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01020F7E

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01020FA5

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01020FC0

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010200AB

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01020084

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01020F23

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01020F48

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01020F12

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01020047

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0102001B

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01020F59

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01020FE5

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01020036

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010200C6

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0101001E

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0101006F

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01010FCD

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01010FDE

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01010054

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01010FEF

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01010039

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01010FB2

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01109315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 011E4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 012FE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 012FDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 012FDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 012FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 012FDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 012FE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 012FDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01000069

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] msvcrt.dll!system 77C293C7 5 Bytes JMP 0100004E

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01000022

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01000FEF

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01000033

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01000FDE

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WININET.dll!HttpAddRequestHeadersA 63018275 5 Bytes JMP 00DE000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WININET.dll!HttpAddRequestHeadersW 630282B3 5 Bytes JMP 00E7000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00FE000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00FE0025

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00FE0FEF

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00FE0FD4

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E8F9F0 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E90A60 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0FEF

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E908A0 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E90780 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E8FDA0 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E8FFD0 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FB000A

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FB0F5F

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FB0F70

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FB0054

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FB0FA1

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB0FB2

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FB008C

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FB007B

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FB00C9

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FB00B8

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FB0F1F

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FB0039

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FB0FEF

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FB0F4E

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FB0FC3

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FB0FD4

.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FB009D

.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EC0039

.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EC006F

.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EC0FDE

.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EC000A

.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EC0FB2

.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EC0FEF

.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EC0FC3

.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0C, 89] {OR AL, 0x89}

.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EC0054

.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EB0038

.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EB0027

.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EB0FC1

.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EB0FEF

.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EB0016

.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EB0FDE

.text C:\WINDOWS\system32\svchost.exe[1436] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00E90000

.text C:\WINDOWS\system32\svchost.exe[1436] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00E90FE5

.text C:\WINDOWS\system32\svchost.exe[1436] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00E9001B

.text C:\WINDOWS\system32\svchost.exe[1436] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00E90FCA

.text C:\WINDOWS\system32\svchost.exe[1436] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0FEF

.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1504] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A

.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[1504] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A

.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1596] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A

.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1596] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A

.text C:\WINDOWS\arservice.exe[1620] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008D000A

.text C:\WINDOWS\arservice.exe[1620] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008E000A

.text C:\WINDOWS\eHome\ehRecvr.exe[1648] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0061000A

.text C:\WINDOWS\eHome\ehRecvr.exe[1648] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0062000A

.text C:\WINDOWS\eHome\ehSched.exe[1680] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005F000A

.text C:\WINDOWS\eHome\ehSched.exe[1680] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0060000A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1732] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007F000A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1732] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0082000A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1764] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006E000A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1764] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006F000A

.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1808] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A2000A

.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[1808] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A3000A

.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1856] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0072000A

.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1856] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0073000A

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdmserv.exe[1892] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008F000A

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdmserv.exe[1892] ntdll.dll!LdrUnloadDll

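A note on reading a GMER user-mode hook listing like the one in the post above, with an added example that is not part of the poster's log and not GMER code. Every entry has the same shape (`process[pid] module!function address size patch`), and what separates the harmless entries from the dangerous ones is only the destination of the JMP. The USER32 functions in Iexplore.exe[1388] jump into IEFRAME.dll, which GMER labels with a Microsoft vendor string: that is Internet Explorer hooking itself. The WS2_32 functions in the same process (getaddrinfo, gethostbyname, connect, send, recv, closesocket) jump into `\\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll`, a file referenced through the device namespace instead of a drive letter and carrying the `UAC` prefix that the TDSS/TDL2 rootkit generation of 2009 used. A module sitting on name resolution and connect in the browser is exactly what it takes to send Google results to a "security product" sales page. The many JMPs to low addresses with no module name (the kernel32, ADVAPI32, msvcrt and WININET hooks in every svchost.exe, wuauclt.exe and msmsgs.exe) are jumps into memory GMER could not map to any file; with several security products installed on this machine each of them is a candidate, and those addresses have to be resolved in the live process before anything is concluded. The parser below applies that reading as a classification rule (the rule is an assumption of this example, not GMER's own); the sample lines are copied from the log above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the GMER listing posted in this thread.
SAMPLE_LOG = r"""
.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 012FDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00FE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E8F9F0 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[1388] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E908A0 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EC0FC3
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0C, 89] {OR AL, 0x89}
.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateNamedPipeW + 4 7C82F0E1 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[1436] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EA0FEF
"""

# One GMER user-mode hook line:
#   .text <process>[<pid>] <module>!<function>[ + <offset>] <addr> <n> Byte(s) <patch>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>[^\s+]+)(?:\s*\+\s*(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+?)\s*$"
)
# The patch column when GMER decoded it as a jump: JMP <target> [<module path> [(vendor)]]
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<rest>.+))?$")

# A foreign module on these functions can rewrite name lookups and redirect connections.
RESOLVE_OR_CONNECT = {"getaddrinfo", "gethostbyname", "connect", "send", "recv"}


@dataclass
class Hook:
    process: str
    pid: int
    module: str
    func: str
    offset: int
    addr: int
    size: int
    patch: str
    target: Optional[int] = None         # JMP destination, if GMER decoded one
    target_module: Optional[str] = None  # file GMER mapped that destination to
    vendor: Optional[str] = None         # vendor string GMER printed for that file

    def classify(self) -> str:
        """Heuristic verdict; this rule is an assumption of the example, not GMER's."""
        if self.target is None:
            return "patch"           # raw bytes: the rest of a patch GMER reported in pieces
        if self.target_module is None:
            return "unattributed"    # jump into memory GMER could not map to any file
        if self.target_module.lower().startswith(r"\\?\globalroot"):
            return "suspicious"      # device-namespace path, invisible to drive-letter lookups
        if self.vendor is None:
            return "unknown-module"  # mapped to a file, but GMER printed no vendor for it
        return "attributed"


def parse_gmer_hooks(text: str) -> list[Hook]:
    hooks: list[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hook = Hook(
            process=m["proc"], pid=int(m["pid"]), module=m["module"], func=m["func"],
            offset=int(m["offset"] or 0), addr=int(m["addr"], 16),
            size=int(m["size"]), patch=m["patch"],
        )
        j = JMP_RE.match(hook.patch)
        if j:
            hook.target = int(j["target"], 16)
            rest = j["rest"]
            if rest and rest.endswith(")") and " (" in rest:
                hook.target_module, vendor = rest.rsplit(" (", 1)
                hook.vendor = vendor[:-1]
            elif rest:
                hook.target_module = rest
        hooks.append(hook)
    return hooks


def suspicious_hooks(hooks: list[Hook]) -> list[Hook]:
    return [h for h in hooks if h.classify() in ("suspicious", "unknown-module")]


def redirect_capable(hooks: list[Hook]) -> set[tuple[str, int]]:
    """Processes in which a suspicious module sits on the name-resolution/socket path."""
    return {
        (h.process, h.pid) for h in suspicious_hooks(hooks)
        if h.module.lower() == "ws2_32.dll" and h.func in RESOLVE_OR_CONNECT
    }


def hooks_by_target_module(hooks: list[Hook]) -> dict[str, list[str]]:
    """Which foreign file hooks what, as 'process[pid] module!func' strings."""
    out: dict[str, list[str]] = {}
    for h in suspicious_hooks(hooks):
        out.setdefault(h.target_module or "?", []).append(
            f"{h.process}[{h.pid}] {h.module}!{h.func}")
    return out


if __name__ == "__main__":
    parsed = parse_gmer_hooks(SAMPLE_LOG)
    for h in parsed:
        print(f"{h.classify():14} {h.process}[{h.pid}] {h.module}!{h.func}")
    for mod, victims in hooks_by_target_module(parsed).items():
        print(f"\n{mod}\n  " + "\n  ".join(victims))
    print("\nredirect-capable:", redirect_capable(parsed))
```

Run it over a complete GMER log instead of the sample and `hooks_by_target_module` gives, per foreign file, the list of processes and APIs it has patched, which is the list to hand to whoever cleans the machine; `redirect_capable` names the processes whose traffic can no longer be trusted. The "unattributed" class is deliberately not called malicious: on a machine with McAfee, Avira and AVG components all loaded, most of those anonymous JMPs will belong to one of them, and only resolving the target address inside the running process tells which.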
.text C:\WINDOWS\system32\lxdmcoms.exe[1908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009D000A

.text C:\WINDOWS\system32\lxdmcoms.exe[1908] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009E000A

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1932] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AB000A

.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1932] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AC000A

.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008B000A

.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1976] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008C000A

.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A5000A

.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2012] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A6000A

.text C:\WINDOWS\system32\nvsvc32.exe[2072] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006C000A

.text C:\WINDOWS\system32\nvsvc32.exe[2072] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006D000A

.text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[2100] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009F000A

.text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[2100] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010E0000

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010E0F94

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010E0FA5

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010E0089

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010E006C

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010E0051

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010E00C6

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010E00B5

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010E0106

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010E00EB

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010E0F52

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 010E0FCA

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010E0025

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010E00A4

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateNamedPipeW 7C82F0DD 3 Bytes JMP 010E0FE5

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateNamedPipeW + 4 7C82F0E1 1 Byte [84]

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 010E0036

.text C:\WINDOWS\system32\svchost.exe[2192] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010E0F6D

.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 010D0FCA

.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 010D0051

.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 010D0025

.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 010D0014

.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 010D0F9E

.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 010D0FEF

.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 010D0FAF

.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [2D, 89]

.text C:\WINDOWS\system32\svchost.exe[2192] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 010D0036

.text C:\WINDOWS\system32\svchost.exe[2192] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF004B

.text C:\WINDOWS\system32\svchost.exe[2192] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0FC0

.text C:\WINDOWS\system32\svchost.exe[2192] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0029

.text C:\WINDOWS\system32\svchost.exe[2192] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0FEF

.text C:\WINDOWS\system32\svchost.exe[2192] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF003A

.text C:\WINDOWS\system32\svchost.exe[2192] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF000C

.text C:\WINDOWS\system32\svchost.exe[2192] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00FD0000

.text C:\WINDOWS\system32\svchost.exe[2192] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00FD0FEF

.text C:\WINDOWS\system32\svchost.exe[2192] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00FD0025

.text C:\WINDOWS\system32\svchost.exe[2192] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00FD0036

.text C:\WINDOWS\system32\svchost.exe[2192] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF

.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2240] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0097000A

.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2240] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0098000A

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01420FEF

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01420F66

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01420F77

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0142005B

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01420FA8

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01420040

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0142008C

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01420F44

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014200A7

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01420F18

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 014200C2

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01420FB9

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0142000A

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01420F55

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01420FD4

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01420025

.text C:\WINDOWS\system32\svchost.exe[2260] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01420F29

.text C:\WINDOWS\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01410036

.text C:\WINDOWS\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01410FAF

.text C:\WINDOWS\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0141001B

.text C:\WINDOWS\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01410FE5

.text C:\WINDOWS\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01410062

.text C:\WINDOWS\system32\svchost.exe[2260] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01410000

.text C:\WINDOWS\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01410FCA

.text C:\WINDOWS\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [61, 89]

.text C:\WINDOWS\system32\svchost.exe[2260] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01410051

.text C:\WINDOWS\system32\svchost.exe[2260] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0140004E

.text C:\WINDOWS\system32\svchost.exe[2260] msvcrt.dll!system 77C293C7 5 Bytes JMP 01400033

.text C:\WINDOWS\system32\svchost.exe[2260] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01400FDE

.text C:\WINDOWS\system32\svchost.exe[2260] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01400FEF

.text C:\WINDOWS\system32\svchost.exe[2260] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01400FC3

.text C:\WINDOWS\system32\svchost.exe[2260] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0140000C

.text C:\WINDOWS\system32\svchost.exe[2260] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 013E000A

.text C:\WINDOWS\system32\svchost.exe[2260] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 013E0FEF

.text C:\WINDOWS\system32\svchost.exe[2260] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 013E0025

.text C:\WINDOWS\system32\svchost.exe[2260] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 013E0040

.text C:\WINDOWS\system32\svchost.exe[2260] WS2_32.dll!socket 71AB4211 5 Bytes JMP 013F0000

.text C:\WINDOWS\System32\alg.exe[2312] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006F000A

.text C:\WINDOWS\System32\alg.exe[2312] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0070000A

.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[2512] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A7000A

.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[2512] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A8000A

.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BB000A

.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BD000A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2544] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B5000A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2544] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B6000A

.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2588] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0095000A

.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2588] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0096000A

.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2628] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009C000A

.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2628] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009E000A

.text C:\WINDOWS\eHome\ehmsas.exe[2724] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0086000A

.text C:\WINDOWS\eHome\ehmsas.exe[2724] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0087000A

.text C:\WINDOWS\ehome\mcrdsvc.exe[2760] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0060000A

.text C:\WINDOWS\ehome\mcrdsvc.exe[2760] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0061000A

.text C:\Program Files\Messenger\msmsgs.exe[2840] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A9000A

.text C:\Program Files\Messenger\msmsgs.exe[2840] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AA000A

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01820FE5

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01820073

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01820062

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01820F88

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01820051

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01820FB9

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 018200BC

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 018200A1

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 018200DE

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01820F4F

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01820F2A

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01820036

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01820000

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01820084

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0182001B

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01820FCA

.text C:\Program Files\Messenger\msmsgs.exe[2840] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 018200CD

.text C:\Program Files\Messenger\msmsgs.exe[2840] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE001E

.text C:\Program Files\Messenger\msmsgs.exe[2840] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0F93

.text C:\Program Files\Messenger\msmsgs.exe[2840] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0FB5

.text C:\Program Files\Messenger\msmsgs.exe[2840] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0FE3

.text C:\Program Files\Messenger\msmsgs.exe[2840] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0FA4

.text C:\Program Files\Messenger\msmsgs.exe[2840] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0FC6

.text C:\Program Files\Messenger\msmsgs.exe[2840] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0040

.text C:\Program Files\Messenger\msmsgs.exe[2840] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF005B

.text C:\Program Files\Messenger\msmsgs.exe[2840] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0FEF

.text C:\Program Files\Messenger\msmsgs.exe[2840] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF001B

.text C:\Program Files\Messenger\msmsgs.exe[2840] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF0F9E

.text C:\Program Files\Messenger\msmsgs.exe[2840] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0000

.text C:\Program Files\Messenger\msmsgs.exe[2840] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FF0FB9

.text C:\Program Files\Messenger\msmsgs.exe[2840] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1F, 89]

.text C:\Program Files\Messenger\msmsgs.exe[2840] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF0FD4

.text C:\Program Files\Messenger\msmsgs.exe[2840] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0000

.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00FC0000

.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00FC0011

.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00FC0FD1

.text C:\Program Files\Messenger\msmsgs.exe[2840] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00FC0022

.text C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0140000A

.text C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0141000A

.text C:\Program Files\Canon\CAL\CALMAIN.exe[3008] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006B000A

.text C:\Program Files\Canon\CAL\CALMAIN.exe[3008] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006C000A

.text C:\206b35gs.exe[3188] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009E000A

.text C:\206b35gs.exe[3188] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009F000A

.text C:\WINDOWS\system32\wuauclt.exe[3556] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0071000A

.text C:\WINDOWS\system32\wuauclt.exe[3556] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0072000A

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001E0FEF

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001E0F68

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001E0F79

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001E0F8A

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001E0F9B

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001E0022

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001E0F32

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001E0F4D

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001E00A6

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001E0095

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001E00C1

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001E003D

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001E0000

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001E0078

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001E0011

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001E0FC0

.text C:\WINDOWS\system32\wuauclt.exe[3556] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001E0F17

.text C:\WINDOWS\system32\wuauclt.exe[3556] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002D003D

.text C:\WINDOWS\system32\wuauclt.exe[3556] msvcrt.dll!system 77C293C7 5 Bytes JMP 002D0FB2

.text C:\WINDOWS\system32\wuauclt.exe[3556] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002D001B

.text C:\WINDOWS\system32\wuauclt.exe[3556] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002D0FEF

.text C:\WINDOWS\system32\wuauclt.exe[3556] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002D002C

.text C:\WINDOWS\system32\wuauclt.exe[3556] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002D0000

.text C:\WINDOWS\system32\wuauclt.exe[3556] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002E003D

.text C:\WINDOWS\system32\wuauclt.exe[3556] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002E0FC0

.text C:\WINDOWS\system32\wuauclt.exe[3556] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002E002C

.text C:\WINDOWS\system32\wuauclt.exe[3556] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002E001B

.text C:\WINDOWS\system32\wuauclt.exe[3556] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002E0FD1

.text C:\WINDOWS\system32\wuauclt.exe[3556] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002E0000

.text C:\WINDOWS\system32\wuauclt.exe[3556] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002E0073

.text C:\WINDOWS\system32\wuauclt.exe[3556] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002E0062

.text C:\WINDOWS\system32\wuauclt.exe[3556] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 008C0000

.text C:\WINDOWS\system32\wuauclt.exe[3556] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 008C0011

.text C:\WINDOWS\system32\wuauclt.exe[3556] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 008C0FDB

.text C:\WINDOWS\system32\wuauclt.exe[3556] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 008C0022

.text C:\WINDOWS\system32\wuauclt.exe[3556] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B30FEF

.text C:\Program Files\DISC\DiscStreamHub.exe[3624] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0099000A

.text C:\Program Files\DISC\DiscStreamHub.exe[3624] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009A000A

.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3688] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AB000A

.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3688] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AC000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A3000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A4000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00290000

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00290F94

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00290089

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00290FA5

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00290FB6

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00290047

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002900A4

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00290F5C

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00290F1C

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00290F37

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002900C6

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00290058

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00290FE5

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00290F79

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00290036

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0029001B

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002900B5

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0038000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00380054

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00380FB9

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00380FD4

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00380043

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00380FE5

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00380F97

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [58, 88]

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00380FA8

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01149315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0121DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 0121DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01224832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01181CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0133E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0133DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0133DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0133DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0133DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0133E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0133DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00390062

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] msvcrt.dll!system 77C293C7 5 Bytes JMP 00390047

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00390022

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00390000

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00390FD7

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00390011

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0122488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] WININET.dll!HttpAddRequestHeadersA 63018275 5 Bytes JMP 00E2000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] WININET.dll!HttpAddRequestHeadersW 630282B3 5 Bytes JMP 00EB000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00BE000A

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00BE0FE5

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00BE0025

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00BE0FCA

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00ECF9F0 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00ED0A60 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FA0000

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00ED08A0 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00ED0780 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00ECFDA0 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

.text C:\Program Files\Internet Explorer\Iexplore.exe[3884] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00ECFFD0 \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3928] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0085000A

.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3928] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0086000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[2948] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

IAT C:\Program Files\Internet Explorer\Iexplore.exe[3884] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00FD18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [860] 0x00A10000

Library \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [908] 0x00A10000

Library \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [972] 0x00A10000

Library \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1388] 0x00E80000

Library \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1436] 0x00A10000

Library \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2192] 0x00A10000

Library \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2260] 0x00A10000

Library \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3884] 0x00EC0000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACtpqdtitbddvcxjt.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtpqdtitbddvcxjt.sys

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtpqdtitbddvcxjt.sys

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACgmpfvaqgdkcfdjj.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACntdmoeynasxvpdv.dat

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACkkcmgflrgxkchfj.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACufodpmlmbkkkyav.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACrnyromkvnyielyd.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACfgekoeblgwbehue.db

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACjxvoxwhaybvlkbm.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACpdaxubqijsnjkaf.log

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACrjsvgpuivoajmgk.log

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACprxlnfvretbrfak.log

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtpqdtitbddvcxjt.sys

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtpqdtitbddvcxjt.sys

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACgmpfvaqgdkcfdjj.dll

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACntdmoeynasxvpdv.dat

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACkkcmgflrgxkchfj.dll

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACufodpmlmbkkkyav.dll

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACrnyromkvnyielyd.dll

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACfgekoeblgwbehue.db

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACjxvoxwhaybvlkbm.dll

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACpdaxubqijsnjkaf.log

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACrjsvgpuivoajmgk.log

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACprxlnfvretbrfak.log

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtpqdtitbddvcxjt.sys

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtpqdtitbddvcxjt.sys

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACgmpfvaqgdkcfdjj.dll

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACntdmoeynasxvpdv.dat

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACkkcmgflrgxkchfj.dll

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACufodpmlmbkkkyav.dll

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACrnyromkvnyielyd.dll

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACfgekoeblgwbehue.db

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACjxvoxwhaybvlkbm.dll

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACpdaxubqijsnjkaf.log

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACrjsvgpuivoajmgk.log

Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACprxlnfvretbrfak.log

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtpxnhfit.sys

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtpxnhfit.sys

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACetjcjcvo.dll

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACyshctowq.dat

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACeuejmdup.dll

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACabonlsbp.dll

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACjnbgdxqv.dll

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACbbtfwpxe.dll

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACatvpyyqx.log

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACfmckbwwk.log

Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACnbfklrev.log

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtpqdtitbddvcxjt.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtpqdtitbddvcxjt.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACgmpfvaqgdkcfdjj.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACntdmoeynasxvpdv.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACkkcmgflrgxkchfj.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACufodpmlmbkkkyav.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACrnyromkvnyielyd.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACfgekoeblgwbehue.db

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACjxvoxwhaybvlkbm.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACoobhhdylnhampxe.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACpdaxubqijsnjkaf.log

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACrjsvgpuivoajmgk.log

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACprxlnfvretbrfak.log

Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.1

Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.1@ UAAddressBookBttn Control

Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.1\CLSID@ {C0E10003-001C-0001-C0E1-C0E1C0E1C0E1}

Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.1

Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.1@ UAButton Control

Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.1\CLSID@ {C0E10003-0007-0001-C0E1-C0E1C0E1C0E1}

Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.1

Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.1@ UACheckBox Control

Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.1\CLSID@ {C0E10003-0013-0001-C0E1-C0E1C0E1C0E1}

Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.1

Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.1@ UADropDown Control

Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.1\CLSID@ {C0E10003-000A-0001-C0E1-C0E1C0E1C0E1}

Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.1

Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.1@ UAEdit Control

Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.1\CLSID@ {C0E10003-0023-0001-C0E1-C0E1C0E1C0E1}

Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.1

Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.1@ UAGalleryBttn Control

Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.1\CLSID@ {C0E10003-0010-0001-C0E1-C0E1C0E1C0E1}

Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.1

Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.1@ UAGallery Control

Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.1\CLSID@ {C0E10003-0019-0001-C0E1-C0E1C0E1C0E1}

Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.1

Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.1@ UAGraphicDropDown Control

Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.1\CLSID

Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.1\CLSID@ {C0E10003-0026-0001-C0E1-C0E1C0E1C0E1}

Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.1

Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.1@ UAHelp Control

Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.1\CLSID@ {C0E10003-002F-0001-C0E1-C0E1C0E1C0E1}

Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.1

Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.1@ UAPartsList Control

Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.1\CLSID@ {C0E10003-000D-0001-C0E1-C0E1C0E1C0E1}

Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.1

Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.1@ UARadioButton Control

Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.1\CLSID@ {C0E10003-0016-0001-C0E1-C0E1C0E1C0E1}

Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.1

Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.1@ UAScrapBookBttn Control

Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.1\CLSID@ {C0E10003-001F-0001-C0E1-C0E1C0E1C0E1}

Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.1

Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.1@ UAText Control

Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.1\CLSID@ {C0E10003-002C-0001-C0E1-C0E1C0E1C0E1}

---- Files - GMER 1.0.15 ----

File C:\Corel\Suite8\Shared\Help\uacc8en.hlp 15586 bytes

File C:\Corel\Suite8\Shared\Help\UACC8EN.NLI 5905 bytes

File C:\Corel\Suite8\Template\UACC8EN.AST 19078 bytes

File C:\Corel\Suite8\Template\UACC8EN.DLL 125952 bytes executable

File C:\Documents and Settings\Compaq_Administrator\Local Settings\temp\UACafce.tmp 343040 bytes executable

File C:\WINDOWS\system32\drivers\UACtpqdtitbddvcxjt.sys 53760 bytes executable <-- ROOTKIT !!!

File C:\WINDOWS\system32\UACfgekoeblgwbehue.db 1110399 bytes

File C:\WINDOWS\system32\UACgmpfvaqgdkcfdjj.dll 25600 bytes executable

File C:\WINDOWS\system32\uacinit.dll 5569 bytes

File C:\WINDOWS\system32\UACjxvoxwhaybvlkbm.dll 30208 bytes executable

File C:\WINDOWS\system32\UACkkcmgflrgxkchfj.dll 19968 bytes executable

File C:\WINDOWS\system32\UACntdmoeynasxvpdv.dat 224 bytes

File C:\WINDOWS\system32\UACoobhhdylnhampxe.dll 66560 bytes

File C:\WINDOWS\system32\UACpdaxubqijsnjkaf.log 124424 bytes

File C:\WINDOWS\system32\UACrnyromkvnyielyd.dll 19456 bytes executable

File C:\WINDOWS\system32\uactmp.db 0 bytes

File C:\WINDOWS\system32\UACufodpmlmbkkkyav.dll 17408 bytes executable

File C:\WINDOWS\Temp\UACb94e.tmp 66560 bytes

---- EOF - GMER 1.0.15 ----

Sorry, had to split this log. The board said it was too long to post.


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1

Link 2

Link 3


--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

• When finished, it will produce a report for you.

• Please post the C:\ComboFix.txt


ComboFix 09-05-30.03 - Compaq_Administrator 05/30/2009 20:11.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.158 [GMT -7:00]

Running from: c:\documents and settings\Compaq_Administrator\Desktop\Combo-Fix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\UACtpqdtitbddvcxjt.sys

c:\windows\system32\UACfgekoeblgwbehue.db

c:\windows\system32\UACgmpfvaqgdkcfdjj.dll

c:\windows\system32\uacinit.dll

c:\windows\system32\UACjxvoxwhaybvlkbm.dll

c:\windows\system32\UACkkcmgflrgxkchfj.dll

c:\windows\system32\UACntdmoeynasxvpdv.dat

c:\windows\system32\UACoobhhdylnhampxe.dll

c:\windows\system32\UACpdaxubqijsnjkaf.log

c:\windows\system32\UACprxlnfvretbrfak.log

c:\windows\system32\UACrjsvgpuivoajmgk.log

c:\windows\system32\UACrnyromkvnyielyd.dll

c:\windows\system32\UACufodpmlmbkkkyav.dll

D:\Desktop.ini

c:\windows\system32\proquota.exe was missing

Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))

.

2009-05-31 03:17 . 2008-04-14 00:12 50176 ----a-w c:\windows\system32\proquota.exe

2009-05-31 03:17 . 2008-04-14 00:12 50176 ----a-w c:\windows\system32\dllcache\proquota.exe

2009-05-30 18:37 . 2009-05-30 18:37 286208 ----a-w C:\206b35gs.exe

2009-05-30 06:04 . 2009-03-30 17:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys

2009-05-30 06:04 . 2009-03-24 23:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys

2009-05-30 06:04 . 2009-02-13 19:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys

2009-05-30 06:04 . 2009-02-13 19:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys

2009-05-30 06:04 . 2009-05-30 06:04 -------- d-----w c:\program files\Avira

2009-05-30 06:04 . 2009-05-30 06:04 -------- d-----w c:\documents and settings\All Users\Application Data\Avira

2009-05-29 04:35 . 2009-05-26 20:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-29 04:35 . 2009-05-30 09:05 -------- d-----w c:\program files\yoyo

2009-05-29 04:35 . 2009-05-26 20:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-29 00:22 . 2009-05-29 00:22 -------- d-sh--w c:\documents and settings\Administrator\IECompatCache

2009-05-28 18:56 . 2009-05-28 18:56 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-28 16:53 . 2009-05-29 06:42 -------- d-----w c:\program files\MB

2009-05-28 16:47 . 2009-05-29 01:54 -------- d-----w c:\program files\VS Revo Group

2009-05-28 16:33 . 2009-05-28 16:33 -------- d-----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR

2009-05-28 05:30 . 2009-05-28 16:33 -------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-05-27 16:25 . 2009-05-27 16:25 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE

2009-05-27 16:13 . 2009-05-27 16:13 -------- d-----w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\PCHealth

2009-05-27 07:24 . 2009-05-30 10:52 126343 ----a-w C:\MGlogs.zip

2009-05-27 07:24 . 2009-05-30 10:52 -------- d-----w C:\MGtools

2009-05-27 07:18 . 2009-05-27 07:18 1341441 ----a-w C:\MGtools.exe

2009-05-25 05:34 . 2001-08-18 05:36 8704 ----a-w c:\windows\system32\kbdjpn.dll

2009-05-25 05:34 . 2001-08-18 05:36 8704 ----a-w c:\windows\system32\dllcache\kbdjpn.dll

2009-05-25 05:34 . 2001-08-18 05:36 8192 ----a-w c:\windows\system32\kbdkor.dll

2009-05-25 05:34 . 2001-08-18 05:36 8192 ----a-w c:\windows\system32\dllcache\kbdkor.dll

2009-05-25 05:34 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\kbd101c.dll

2009-05-25 05:34 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\dllcache\kbd101c.dll

2009-05-25 05:34 . 2001-08-17 21:55 5632 ----a-w c:\windows\system32\kbd103.dll

2009-05-25 05:34 . 2001-08-17 21:55 5632 ----a-w c:\windows\system32\dllcache\kbd103.dll

2009-05-25 05:34 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\kbd101b.dll

2009-05-25 05:34 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\dllcache\kbd101b.dll

2009-05-25 05:34 . 2008-04-14 00:09 6144 ----a-w c:\windows\system32\kbd106.dll

2009-05-25 05:34 . 2008-04-14 00:09 6144 ----a-w c:\windows\system32\dllcache\kbd106.dll

2009-05-19 05:57 . 2009-05-19 05:57 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-05-19 05:50 . 2009-05-19 05:50 -------- d-----w c:\docume~1\COMPAQ~1\APPLIC~1\Uniblue

2009-05-18 22:05 . 2009-05-18 22:06 -------- d-----w c:\program files\CCleaner

2009-05-15 20:45 . 2009-05-15 20:45 -------- d-----w c:\program files\Trend Micro

2009-05-15 00:38 . 2009-05-15 05:05 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-05-12 05:28 . 2009-05-12 05:28 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SACore

2009-05-10 02:21 . 2009-05-10 02:21 -------- d-sh--w c:\documents and settings\Administrator\IETldCache

2009-05-04 01:35 . 2009-05-15 05:10 -------- d-----w c:\program files\Google

2009-05-04 00:04 . 2009-05-04 00:04 -------- d-----w c:\program files\AVIConverter

2009-05-03 01:17 . 2001-08-17 20:48 12160 ----a-w c:\windows\system32\drivers\mouhid.sys

2009-05-03 01:17 . 2001-08-17 20:48 12160 ----a-w c:\windows\system32\dllcache\mouhid.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-31 02:08 . 2006-12-04 22:23 19240 ----a-w c:\docume~1\COMPAQ~1\APPLIC~1\wklnhst.dat

2009-05-29 01:53 . 2009-03-26 08:09 -------- d-----w c:\program files\Spybot - Search & Destroy

2009-05-29 01:53 . 2009-03-26 08:09 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-05-28 18:56 . 2006-08-01 20:33 -------- d-----w c:\program files\Java

2009-05-28 16:29 . 2009-05-28 10:12 90112 ----a-w c:\windows\DUMP7dab.tmp

2009-05-28 16:28 . 2009-05-28 10:12 90112 ----a-w c:\windows\DUMP86f2.tmp

2009-05-28 10:31 . 2009-04-20 18:02 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-05-28 09:09 . 2009-05-15 23:18 90112 ----a-w c:\windows\DUMP8136.tmp

2009-05-27 16:14 . 2007-04-27 22:50 -------- d--h--w c:\docume~1\COMPAQ~1\APPLIC~1\Move Networks

2009-05-27 15:58 . 2009-04-20 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-19 08:55 . 2006-08-01 21:04 -------- d-----w c:\program files\DISC

2009-05-18 23:30 . 2006-08-01 21:10 -------- d-----w c:\program files\Quicken

2009-05-08 18:59 . 2009-04-20 08:02 -------- d-----w c:\program files\McAfee

2009-05-04 01:45 . 2009-04-20 16:56 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore

2009-04-21 18:26 . 2006-08-01 21:04 62480 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-04-20 18:04 . 2009-04-20 18:04 -------- d-----w c:\program files\DIFX

2009-04-20 18:03 . 2009-04-20 00:25 -------- d-----w c:\program files\LeapFrog

2009-04-20 18:01 . 2009-04-20 18:01 25742176 -c--a-w c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe

2009-04-20 18:01 . 2009-04-20 18:01 6639952 -c--a-w c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\TagPlugin.exe

2009-04-20 08:08 . 2009-03-29 01:37 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee

2009-04-20 08:07 . 2009-04-20 08:07 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor

2009-04-20 08:03 . 2009-04-20 08:02 -------- d-----w c:\program files\Common Files\McAfee

2009-04-20 08:03 . 2009-04-20 08:02 -------- d-----w c:\program files\McAfee.com

2009-04-20 07:53 . 2006-08-01 21:32 -------- d-----w c:\program files\Common Files\Symantec Shared

2009-04-20 07:53 . 2006-08-01 21:32 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2009-04-20 06:27 . 2006-08-01 21:27 -------- d-----w c:\program files\Yahoo!

2009-04-20 06:14 . 2009-04-20 06:14 -------- d-----w c:\documents and settings\All Users\Application Data\Leapfrog

2009-04-20 05:59 . 2009-04-20 05:59 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-04-20 03:16 . 2009-04-20 03:16 -------- d-----w c:\docume~1\COMPAQ~1\APPLIC~1\Malwarebytes

2009-04-20 03:16 . 2009-04-20 03:16 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-20 03:08 . 2009-04-20 03:07 -------- d-----w c:\docume~1\COMPAQ~1\APPLIC~1\GetRightToGo

2009-04-15 22:19 . 2006-11-18 22:25 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-04-15 22:11 . 2006-11-10 05:05 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!

2009-04-15 22:11 . 2006-11-10 07:35 -------- d--h--r c:\docume~1\COMPAQ~1\APPLIC~1\yahoo!

2009-04-15 21:18 . 2009-04-15 21:18 -------- d-----w c:\program files\Alwil Software

2009-04-15 05:54 . 2009-04-15 05:54 61224 ----a-w c:\documents and settings\Compaq_Administrator\GoToAssistDownloadHelper.exe

2009-04-11 04:23 . 2009-04-11 04:23 -------- d-----w c:\docume~1\COMPAQ~1\APPLIC~1\iudboecd

2009-04-01 07:57 . 2005-08-31 04:01 92947 -c--a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-04-01 04:02 . 2009-04-01 04:02 -------- d-----w c:\documents and settings\NetworkService\Application Data\iudboecd

2009-03-31 20:29 . 2008-04-27 23:23 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys

2009-03-08 11:34 . 2004-08-10 04:00 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 11:34 . 2004-08-10 04:00 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 11:33 . 2004-08-10 04:00 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 11:33 . 2004-08-10 04:00 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 11:32 . 2004-08-10 04:00 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 11:32 . 2004-08-10 04:00 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 11:31 . 2004-08-10 04:00 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 11:31 . 2004-08-10 04:00 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 11:31 . 2004-08-10 04:00 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 11:22 . 2004-08-10 04:00 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 14:22 . 2004-08-10 04:00 284160 ----a-w c:\windows\system32\pdh.dll

2008-01-25 18:17 . 2008-01-10 08:57 56 --sh--r c:\windows\system32\EF3971DDAF.sys

2008-01-25 18:17 . 2008-01-10 07:41 3350 --sha-w c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]

"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536]

"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256]

"lxdmmon.exe"="c:\program files\Lexmark 5000 Series\lxdmmon.exe" [2007-07-06 455344]

"lxdmamon"="c:\program files\Lexmark 5000 Series\lxdmamon.exe" [2007-06-01 20480]

"Lexmark 5000 Series Fax Server"="c:\program files\Lexmark 5000 Series\fm3032.exe" [2007-07-06 307888]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-02-05 356352]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-01 180269]

"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-09 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/29/2009 11:04 PM 108289]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/20/2009 1:06 AM 210216]

S2 hfusm;hfusm;c:\windows\system32\drivers\bvculgr.sys --> c:\windows\system32\drivers\bvculgr.sys [?]

S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [4/2/2007 5:37 PM 227200]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [4/20/2009 11:03 AM 18560]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

lfnhhdda

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-20 20:32]

2009-05-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-20 20:32]

2009-05-31 c:\windows\Tasks\User_Feed_Synchronization-{6E6FCB2B-A5EC-43FA-8250-FFE76435C16B}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

SafeBoot-procexp90.Sys

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: trymedia.com

DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\docume~1\COMPAQ~1\APPLIC~1\Mozilla\Firefox\Profiles\31r6n7p4.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - plugin: c:\program files\Mozilla Firefox\plugins\npActiveGS.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npImgCtl.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-30 20:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SAVRT]

"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SNDSrvc]

"ImagePath"="-"

.

Completion time: 2009-05-31 20:19

ComboFix-quarantined-files.txt 2009-05-31 03:19

Pre-Run: 131,441,483,776 bytes free

Post-Run: 131,444,301,824 bytes free

Current=5 Default=5 Failed=1 LastKnownGood=3 Sets=,1,2,3,4,5

253 --- E O F --- 2009-05-18 06:22

Are these logs explaining anything?


Almost there :huh:

1. Please open Notepad

  • Click Start, then Run
  • Type notepad in the Run box, then click OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::hfusm
File::c:\windows\system32\drivers\bvculgr.sys
NetSvc::lfnhhdda

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScriptB-4.gif

5. After the reboot (if it asks to reboot), please post the following report/log in your next reply:

  • ComboFix.txt

=============

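As an added triage example (not ComboFix's own code and not the helper's), the script below parses the service lines and the NetSvcs block of a ComboFix log in the format pasted above and emits the same three CFScript directives the helper wrote. The sample log is constructed from this thread's entries; reading "--> path [?]" as a file ComboFix could not inspect, and the lowercase-only service-name heuristic, are my assumptions.

```python
"""Triage the 'Reg Loading Points' services and NetSvcs block of a ComboFix log.

Added example, not ComboFix's own code and not the helper's: it surfaces the two
indicators the helper acted on in this thread and prints them as CFScript lines.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample (single-spaced, unlike the forum paste): service and NetSvcs
# lines copied in shape from the log above, including two benign neighbours.
SAMPLE_LOG = r"""
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/29/2009 11:04 PM 108289]
S2 hfusm;hfusm;c:\windows\system32\drivers\bvculgr.sys --> c:\windows\system32\drivers\bvculgr.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [4/20/2009 11:03 AM 18560]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

lfnhhdda

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
"""

# ComboFix service line: "<start code> <name>;<display name>;<path> [date size]"
SERVICE_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")
NETSVCS_HEADER = "\\Svchost - NetSvcs"


@dataclass
class Service:
    start: str        # ComboFix start code, e.g. R2 (running, auto) or S2 (stopped, auto)
    name: str
    display: str
    path: str
    unreadable: bool  # line ends in "--> <path> [?]": assumed to mean ComboFix could not read the file


def parse_services(log: str) -> list[Service]:
    """Parse every 'Rn/Sn name;display;path [...]' line in the log."""
    found: list[Service] = []
    for raw in log.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if not m:
            continue
        start, name, display, rest = m.groups()
        unreadable = rest.endswith("[?]")
        # Drop the '--> path [?]' tail or the '[date size]' tail to keep the bare path.
        path = rest.split(" --> ")[0].split(" [")[0].strip()
        found.append(Service(start, name.strip(), display.strip(), path, unreadable))
    return found


def parse_netsvcs(log: str) -> list[str]:
    """Return the names listed under the 'Svchost - NetSvcs' header.

    ComboFix already hides empty and default entries there, so every name that
    does appear is a non-default svchost-hosted service worth a look.
    """
    names: list[str] = []
    in_block = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.endswith(NETSVCS_HEADER):
            in_block = True
            continue
        if not in_block or not line:
            continue                        # blank lines: forum pastes are double-spaced
        if line.startswith(("[", ".", "-")) or "\\" in line or ";" in line:
            in_block = False                # next registry key or section ends the block
            continue
        names.append(line)
    return names


def looks_generated(name: str) -> bool:
    """Assumed heuristic: 5-12 lowercase letters and nothing else (hfusm, lfnhhdda)."""
    return re.fullmatch(r"[a-z]{5,12}", name) is not None


def suspicious_services(log: str) -> list[Service]:
    """Services whose file ComboFix could not read, or whose generated-looking name
    doubles as the display name (legitimate services carry a description)."""
    return [s for s in parse_services(log)
            if s.unreadable or (s.name == s.display and looks_generated(s.name))]


def build_cfscript(log: str) -> list[str]:
    """Emit CFScript directives in the form the helper used: Driver::, File::, NetSvc::."""
    lines: list[str] = []
    for svc in suspicious_services(log):
        lines.append(f"Driver::{svc.name}")
        lines.append(f"File::{svc.path}")
    for name in parse_netsvcs(log):
        lines.append(f"NetSvc::{name}")
    return lines


if __name__ == "__main__":
    for svc in suspicious_services(SAMPLE_LOG):
        print(f"suspect service {svc.name}: {svc.path} (file unreadable: {svc.unreadable})")
    print("\nCFScript.txt:")
    print("\n".join(build_cfscript(SAMPLE_LOG)))
```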

ComboFix 09-05-30.03 - Compaq_Administrator 05/31/2009 8:30.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.168 [GMT -7:00]

Running from: c:\documents and settings\Compaq_Administrator\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Created a new restore point

FILE ::

"c:\windows\system32\drivers\bvculgr.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_HFUSM

-------\Service_hfusm

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))

.

2009-05-31 03:17 . 2008-04-14 00:12 50176 ----a-w c:\windows\system32\proquota.exe

2009-05-31 03:17 . 2008-04-14 00:12 50176 ----a-w c:\windows\system32\dllcache\proquota.exe

2009-05-30 18:37 . 2009-05-30 18:37 286208 ----a-w C:\206b35gs.exe

2009-05-30 06:04 . 2009-03-30 17:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys

2009-05-30 06:04 . 2009-03-24 23:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys

2009-05-30 06:04 . 2009-02-13 19:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys

2009-05-30 06:04 . 2009-02-13 19:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys

2009-05-30 06:04 . 2009-05-30 06:04 -------- d-----w c:\program files\Avira

2009-05-30 06:04 . 2009-05-30 06:04 -------- d-----w c:\documents and settings\All Users\Application Data\Avira

2009-05-29 04:35 . 2009-05-26 20:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-29 04:35 . 2009-05-31 15:25 -------- d-----w c:\program files\yoyo

2009-05-29 04:35 . 2009-05-26 20:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-29 00:22 . 2009-05-29 00:22 -------- d-sh--w c:\documents and settings\Administrator\IECompatCache

2009-05-28 18:56 . 2009-05-28 18:56 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-28 16:53 . 2009-05-29 06:42 -------- d-----w c:\program files\MB

2009-05-28 16:47 . 2009-05-29 01:54 -------- d-----w c:\program files\VS Revo Group

2009-05-28 16:33 . 2009-05-28 16:33 -------- d-----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR

2009-05-28 05:30 . 2009-05-28 16:33 -------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-05-27 16:25 . 2009-05-27 16:25 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE

2009-05-27 16:13 . 2009-05-27 16:13 -------- d-----w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\PCHealth

2009-05-27 07:24 . 2009-05-30 10:52 126343 ----a-w C:\MGlogs.zip

2009-05-27 07:24 . 2009-05-30 10:52 -------- d-----w C:\MGtools

2009-05-27 07:18 . 2009-05-27 07:18 1341441 ----a-w C:\MGtools.exe

2009-05-25 05:34 . 2001-08-18 05:36 8704 ----a-w c:\windows\system32\kbdjpn.dll

2009-05-25 05:34 . 2001-08-18 05:36 8704 ----a-w c:\windows\system32\dllcache\kbdjpn.dll

2009-05-25 05:34 . 2001-08-18 05:36 8192 ----a-w c:\windows\system32\kbdkor.dll

2009-05-25 05:34 . 2001-08-18 05:36 8192 ----a-w c:\windows\system32\dllcache\kbdkor.dll

2009-05-25 05:34 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\kbd101c.dll

2009-05-25 05:34 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\dllcache\kbd101c.dll

2009-05-25 05:34 . 2001-08-17 21:55 5632 ----a-w c:\windows\system32\kbd103.dll

2009-05-25 05:34 . 2001-08-17 21:55 5632 ----a-w c:\windows\system32\dllcache\kbd103.dll

2009-05-25 05:34 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\kbd101b.dll

2009-05-25 05:34 . 2001-08-17 21:55 6144 ----a-w c:\windows\system32\dllcache\kbd101b.dll

2009-05-25 05:34 . 2008-04-14 00:09 6144 ----a-w c:\windows\system32\kbd106.dll

2009-05-25 05:34 . 2008-04-14 00:09 6144 ----a-w c:\windows\system32\dllcache\kbd106.dll

2009-05-19 05:57 . 2009-05-19 05:57 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-05-19 05:50 . 2009-05-19 05:50 -------- d-----w c:\docume~1\COMPAQ~1\APPLIC~1\Uniblue

2009-05-18 22:05 . 2009-05-18 22:06 -------- d-----w c:\program files\CCleaner

2009-05-15 20:45 . 2009-05-15 20:45 -------- d-----w c:\program files\Trend Micro

2009-05-15 00:38 . 2009-05-15 05:05 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-05-12 05:28 . 2009-05-12 05:28 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SACore

2009-05-10 02:21 . 2009-05-10 02:21 -------- d-sh--w c:\documents and settings\Administrator\IETldCache

2009-05-04 01:35 . 2009-05-15 05:10 -------- d-----w c:\program files\Google

2009-05-04 00:04 . 2009-05-04 00:04 -------- d-----w c:\program files\AVIConverter

2009-05-03 01:17 . 2001-08-17 20:48 12160 ----a-w c:\windows\system32\drivers\mouhid.sys

2009-05-03 01:17 . 2001-08-17 20:48 12160 ----a-w c:\windows\system32\dllcache\mouhid.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-31 06:30 . 2007-04-27 22:50 -------- d--h--w c:\docume~1\COMPAQ~1\APPLIC~1\Move Networks

2009-05-31 02:08 . 2006-12-04 22:23 19240 ----a-w c:\docume~1\COMPAQ~1\APPLIC~1\wklnhst.dat

2009-05-29 01:53 . 2009-03-26 08:09 -------- d-----w c:\program files\Spybot - Search & Destroy

2009-05-29 01:53 . 2009-03-26 08:09 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-05-28 18:56 . 2006-08-01 20:33 -------- d-----w c:\program files\Java

2009-05-28 16:29 . 2009-05-28 10:12 90112 ----a-w c:\windows\DUMP7dab.tmp

2009-05-28 16:28 . 2009-05-28 10:12 90112 ----a-w c:\windows\DUMP86f2.tmp

2009-05-28 10:31 . 2009-04-20 18:02 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-05-28 09:09 . 2009-05-15 23:18 90112 ----a-w c:\windows\DUMP8136.tmp

2009-05-27 15:58 . 2009-04-20 03:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-19 08:55 . 2006-08-01 21:04 -------- d-----w c:\program files\DISC

2009-05-18 23:30 . 2006-08-01 21:10 -------- d-----w c:\program files\Quicken

2009-05-08 18:59 . 2009-04-20 08:02 -------- d-----w c:\program files\McAfee

2009-05-04 01:45 . 2009-04-20 16:56 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore

2009-04-21 18:26 . 2006-08-01 21:04 62480 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-04-20 18:04 . 2009-04-20 18:04 -------- d-----w c:\program files\DIFX

2009-04-20 18:03 . 2009-04-20 00:25 -------- d-----w c:\program files\LeapFrog

2009-04-20 18:01 . 2009-04-20 18:01 25742176 -c--a-w c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\UPCInstaller.exe

2009-04-20 18:01 . 2009-04-20 18:01 6639952 -c--a-w c:\documents and settings\All Users\Application Data\Leapfrog\LeapFrog Connect\Updates\TagPlugin.exe

2009-04-20 08:08 . 2009-03-29 01:37 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee

2009-04-20 08:07 . 2009-04-20 08:07 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor

2009-04-20 08:03 . 2009-04-20 08:02 -------- d-----w c:\program files\Common Files\McAfee

2009-04-20 08:03 . 2009-04-20 08:02 -------- d-----w c:\program files\McAfee.com

2009-04-20 07:53 . 2006-08-01 21:32 -------- d-----w c:\program files\Common Files\Symantec Shared

2009-04-20 07:53 . 2006-08-01 21:32 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2009-04-20 06:27 . 2006-08-01 21:27 -------- d-----w c:\program files\Yahoo!

2009-04-20 06:14 . 2009-04-20 06:14 -------- d-----w c:\documents and settings\All Users\Application Data\Leapfrog

2009-04-20 05:59 . 2009-04-20 05:59 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-04-20 03:16 . 2009-04-20 03:16 -------- d-----w c:\docume~1\COMPAQ~1\APPLIC~1\Malwarebytes

2009-04-20 03:16 . 2009-04-20 03:16 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-20 03:08 . 2009-04-20 03:07 -------- d-----w c:\docume~1\COMPAQ~1\APPLIC~1\GetRightToGo

2009-04-15 22:19 . 2006-11-18 22:25 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-04-15 22:11 . 2006-11-10 05:05 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!

2009-04-15 22:11 . 2006-11-10 07:35 -------- d--h--r c:\docume~1\COMPAQ~1\APPLIC~1\yahoo!

2009-04-15 21:18 . 2009-04-15 21:18 -------- d-----w c:\program files\Alwil Software

2009-04-15 05:54 . 2009-04-15 05:54 61224 ----a-w c:\documents and settings\Compaq_Administrator\GoToAssistDownloadHelper.exe

2009-04-11 04:23 . 2009-04-11 04:23 -------- d-----w c:\docume~1\COMPAQ~1\APPLIC~1\iudboecd

2009-04-01 07:57 . 2005-08-31 04:01 92947 -c--a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-03-31 20:29 . 2008-04-27 23:23 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys

2009-03-08 11:34 . 2004-08-10 04:00 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 11:34 . 2004-08-10 04:00 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 11:33 . 2004-08-10 04:00 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 11:33 . 2004-08-10 04:00 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 11:32 . 2004-08-10 04:00 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 11:32 . 2004-08-10 04:00 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 11:31 . 2004-08-10 04:00 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 11:31 . 2004-08-10 04:00 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 11:31 . 2004-08-10 04:00 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 11:22 . 2004-08-10 04:00 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 14:22 . 2004-08-10 04:00 284160 ----a-w c:\windows\system32\pdh.dll

2008-01-25 18:17 . 2008-01-10 08:57 56 --sh--r c:\windows\system32\EF3971DDAF.sys

2008-01-25 18:17 . 2008-01-10 07:41 3350 --sha-w c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-05-31_03.18.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-31 15:38 . 2009-05-31 15:38 16384 c:\windows\Temp\Perflib_Perfdata_6d0.dat

+ 2005-08-30 20:51 . 2009-05-31 15:19 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2005-08-30 20:51 . 2009-05-31 02:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2005-08-30 20:51 . 2009-05-31 15:19 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2005-08-30 20:51 . 2009-05-31 02:34 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]

"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536]

"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256]

"lxdmmon.exe"="c:\program files\Lexmark 5000 Series\lxdmmon.exe" [2007-07-06 455344]

"lxdmamon"="c:\program files\Lexmark 5000 Series\lxdmamon.exe" [2007-06-01 20480]

"Lexmark 5000 Series Fax Server"="c:\program files\Lexmark 5000 Series\fm3032.exe" [2007-07-06 307888]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-02-05 356352]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-01 180269]

"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-09 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/29/2009 11:04 PM 108289]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/20/2009 1:06 AM 210216]

S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [4/2/2007 5:37 PM 227200]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [4/20/2009 11:03 AM 18560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-20 20:32]

2009-05-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-20 20:32]

2009-05-31 c:\windows\Tasks\User_Feed_Synchronization-{6E6FCB2B-A5EC-43FA-8250-FFE76435C16B}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: trymedia.com

DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\docume~1\COMPAQ~1\APPLIC~1\Mozilla\Firefox\Profiles\31r6n7p4.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - plugin: c:\program files\Mozilla Firefox\plugins\npActiveGS.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npImgCtl.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-31 08:41

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SAVRT]

"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\SNDSrvc]

"ImagePath"="-"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3276)

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\progra~1\WINDOW~1\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\windows\arservice.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\spool\drivers\w32x86\3\lxdmserv.exe

c:\windows\system32\lxdmcoms.exe

c:\windows\system32\nvsvc32.exe

c:\progra~1\Yahoo!\browser\ycommon.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\ehome\mcrdsvc.exe

c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

c:\windows\system32\wscntfy.exe

c:\windows\system32\dllhost.exe

c:\program files\DISC\DiscStreamHub.exe

c:\windows\ehome\ehmsas.exe

c:\progra~1\McAfee\MSC\mcuimgr.exe

c:\program files\McAfee\VirusScan\Mcshield.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\McAfee.com\Agent\mcagent.exe

c:\program files\McAfee\MPF\MpfSrv.exe

.

**************************************************************************

.

Completion time: 2009-05-31 8:47 - machine was rebooted

ComboFix-quarantined-files.txt 2009-05-31 15:46

ComboFix2.txt 2009-05-31 03:19

Pre-Run: 131,417,808,896 bytes free

Post-Run: 131,530,817,536 bytes free

Current=5 Default=5 Failed=1 LastKnownGood=3 Sets=,1,2,3,4,5

286 --- E O F --- 2009-05-18 06:22


Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Malwarebytes' Anti-Malware 1.37

Database version: 2207

Windows 5.1.2600 Service Pack 3

6/1/2009 11:32:56 AM

mbam-log-2009-06-01 (11-32-56).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 189653

Time elapsed: 2 hour(s), 10 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\qoobox\quarantine\c\windows\system32\UACjxvoxwhaybvlkbm.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\qoobox\quarantine\c\windows\system32\UACkkcmgflrgxkchfj.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\qoobox\quarantine\c\windows\system32\UACoobhhdylnhampxe.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\qoobox\quarantine\c\windows\system32\UACrnyromkvnyielyd.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\qoobox\quarantine\c\windows\system32\UACufodpmlmbkkkyav.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\UACtpqdtitbddvcxjt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP66\A0020447.sys (Trojan.TDSS) -> Quarantined and deleted successfully.

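Every one of the seven files in the MBAM log above sits either in ComboFix's own quarantine folder (`c:\qoobox\quarantine`, `.vir` extension) or inside a System Restore point, not in a live location, which is why the helper goes on to ask for the restore points to be reset. As an added example (not code from the thread or from Malwarebytes), the Python below parses the `Files Infected:` section of an MBAM 1.x log and classifies each hit by where it was found; the embedded sample log is constructed from the entries above plus one made-up live path.

```python
import re
from collections import Counter

# One MBAM 1.x "Files Infected" line looks like:
#   <path> (<detection>) -> <action>.
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

def classify(path: str) -> str:
    """Where the detected file lived tells you whether it was still active."""
    p = path.lower().replace("/", "\\")
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"   # already isolated by ComboFix
    if "\\system volume information\\_restore" in p:
        return "system-restore-point"  # dormant copy; clearing restore points removes it
    return "live"                      # anywhere else: treat as an active infection

def parse_mbam_files(lines):
    """Return a dict per entry in the 'Files Infected:' section of an MBAM log."""
    results, in_section = [], False
    for raw in lines:
        line = raw.strip()
        if line == "Files Infected:":          # the summary line 'Files Infected: 7' is skipped
            in_section = True
            continue
        if not in_section or not line or line.startswith("("):
            continue                           # blank or '(No malicious items detected)'
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["location"] = classify(entry["path"])
            results.append(entry)
    return results

def summarize(results):
    """Count entries by (detection name, location)."""
    return Counter((r["detection"], r["location"]) for r in results)

# Constructed sample: two entries taken from the log in this thread, one made-up live path.
SAMPLE_LOG = r"""Files Infected: 3

Files Infected:

c:\qoobox\quarantine\c\windows\system32\UACjxvoxwhaybvlkbm.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP66\A0020447.sys (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\windows\system32\drivers\EXAMPLE-live-driver.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for (name, where), n in sorted(summarize(parse_mbam_files(SAMPLE_LOG.splitlines())).items()):
        print(f"{name:20} {where:22} {n}")
```

Feed it a real mbam-log-*.txt with `parse_mbam_files(open(path).read().splitlines())`; any entry classified as `live` is the one worth a second look.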

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.

2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Add/Remove in the Control Panel and remove either Avira or McAfee.

============================================================

Cleanup:

Please download OTCleanIt from Here and save it to your desktop.

Double click on OTCleanIt to run it.

Then click on Clean up.

Restart your computer when prompted.

This will remove what tools we used.

===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 14...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

======================

Delete\uninstall anything else that we have used.

System Restore

Then I will need you to reset your System Restore points.

The link below shows how to create a clean restore point.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual

=====================================

After that you're all set. :thumbsup:

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.


I've uninstalled Avira and run OTCleanIt. But I downloaded the Java 6 Update 14 and uninstalled all older versions, but after the reboot it told me the file could not open and was damaged. I tried twice more and each time the browser blocked me from accessing the Java website - "Internet Explorer has closed this webpage to help protect your computer. A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage."

I was finally able to install Java Downloads for Windows Operating System Recommended Version 6 Update 13. But I'm still receiving this new webpage error after each page loads. Is that normal??

I've not completed the system restore point step yet. I'll wait for the ok from you about this Java/ error issue.
