Inactive Can't access Windows Updates, URLs redirecting, XP & SP2

Discussion in 'Malware and Virus Removal Archive' started by harley80, 2010/08/06.

Thread Status:
Not open for further replies.
  1. 2010/08/06
    harley80

    harley80 Inactive Thread Starter

    Joined:
    2010/08/04
    Messages:
    22
    Likes Received:
    0
    [Inactive] Can't access Windows Updates, URLs redirecting, XP & SP2

    Hi guys

    I am posting this from another PC as I get the same message as the problem below when trying to post on the forums. Might take a while to reply unless I can fix the posting problem. I will post the attach file now as it might be a couple of days before I get access to another PC.

    I am unable to access Windows Updates, get the message "Internet Explorer can't display the webpage". I have the full McAfee protection. I have run scans in McAfee and Malwarebytes. I have downloaded IE8 but was having the same problem before in IE6. I am hoping to update to SP3 but unable to till problem solved. DDS file is below. If attach file is required I can post it later.

    Thanks guys....Alex

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Alexander at 13:42:16.11 on 05/08/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.31 [GMT 1:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\v2.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Alexander\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uSearch Page =
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uDefault_Page_URL = hxxp://www.msn.com
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchAssistant =
    mSearchAssistant =
    uURLSearchHooks: H - No File
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    TB: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [eyeBeam SIP Client]
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
    mRun: [<NO NAME>] c:\docume~1\alexan~1\locals~1\temp\v2.exe
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [NWEReboot]
    mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
    IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: microsoft.com\v6.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: microsoft.com\www.update
    Trusted Zone: updatexp.com\www
    Trusted Zone: windowsudate.com\*.download
    Trusted Zone: windowsupdate.com
    Trusted Zone: windowsupdate.com\download
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1203429233933
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203370799100
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\alexan~1\applic~1\mozilla\firefox\profiles\jbnxf0po.default\
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJPI150_07.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-16 214664]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-16 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-16 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-16 40552]
    R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-7-6 20480]
    S0 fyymxlcr;fyymxlcr;c:\windows\system32\drivers\fyymxlcr.sys --> c:\windows\system32\drivers\fyymxlcr.sys [?]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-16 34248]

    =============== Created Last 30 ================

    2010-08-05 11:42:25 0 dc-h--w- c:\windows\ie8
    2010-08-05 02:22:15 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-08-04 19:01:51 58880 ----a-w- c:\windows\_detmp.2
    2010-08-04 19:01:49 44596 ----a-w- c:\windows\_detmp.1
    2010-08-04 11:11:47 0 d-----w- C:\_OTL
    2010-08-03 22:04:23 0 d--h--w- c:\windows\system32\GroupPolicy
    2010-08-03 00:49:41 0 d-----w- c:\program files\FlashGet
    2010-08-02 15:37:59 25088 -c--a-w- c:\windows\system32\dllcache\sm59w.dll
    2010-08-02 15:36:53 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2010-08-02 15:36:51 44544 -c--a-w- c:\windows\system32\dllcache\nsepm.dll
    2010-08-02 15:36:47 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
    2010-08-02 15:36:39 111104 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
    2010-08-02 15:34:45 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
    2010-08-02 15:33:46 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
    2010-08-02 15:32:58 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
    2010-08-02 15:31:57 76800 -c--a-w- c:\windows\system32\dllcache\logui.ocx
    2010-08-02 15:28:26 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
    2010-08-02 15:28:09 749 ---ha-r- c:\windows\WindowsShell.Manifest
    2010-08-02 15:28:09 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
    2010-08-02 15:28:09 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
    2010-08-02 15:28:09 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
    2010-08-02 15:28:09 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
    2010-08-02 15:17:06 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
    2010-08-02 15:11:58 13753 ----a-r- c:\windows\SET5C.tmp
    2010-08-02 15:11:53 1086058 ----a-r- c:\windows\SET50.tmp
    2010-08-02 15:11:50 1042903 ----a-r- c:\windows\SET4D.tmp
    2010-08-02 10:16:49 0 d-s---w- C:\ComboFix
    2010-08-02 08:52:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-08-01 17:16:28 13753 ----a-r- c:\windows\SETAB.tmp
    2010-08-01 17:16:22 1086058 ----a-r- c:\windows\SET9F.tmp
    2010-08-01 17:16:18 1042903 ----a-r- c:\windows\SET9C.tmp
    2010-08-01 14:58:01 19528 ----a-w- c:\windows\000001_.tmp
    2010-08-01 10:04:03 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-25 17:02:46 7680 --sha-w- c:\windows\Thumbs.db
    2010-07-24 19:13:06 336 ----a-w- c:\windows\system32\secustat.dat
    2010-07-24 19:11:33 891 ----a-w- c:\windows\system32\secushr.dat
    2010-07-24 19:09:40 25 ----a-w- c:\windows\libem.INI
    2010-07-24 19:08:42 0 d-----w- c:\docume~1\alexan~1\applic~1\FlashGet
    2010-07-24 19:08:07 0 d-----w- c:\docume~1\alexan~1\applic~1\BITS
    2010-07-24 19:07:28 0 d-----w- c:\docume~1\alexan~1\applic~1\FlashGetBHO
    2010-07-24 19:07:25 0 d-----w- c:\program files\FlashGet Network
    2010-07-16 22:05:37 112 ----a-w- c:\docume~1\alluse~1\applic~1\48tE0Xd8.dat
    2010-07-06 20:02:34 4128 ----a-w- c:\windows\system32\msrun.exe
    2010-07-06 19:55:30 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
    2010-07-06 19:54:20 0 d-----w- c:\docume~1\alexan~1\applic~1\6E4EEDAE816C60F64E22493BE10747FD

    ==================== Find3M ====================

    2010-08-02 15:25:12 22764 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-07-15 14:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2010-06-01 23:26:44 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2008-05-05 21:02:54 0 ----a-w- c:\program files\temp01
    2009-05-21 21:58:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052120090522\index.dat

    ============= FINISH: 13:50:25.14 ===============
     
  2. 2010/08/06
    harley80

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 02/08/2010 16:40:01
    System Uptime: 08/05/2010 13:11:39 (2136 hours ago)

    Motherboard: Intel Corporation | | D815EEA
    Processor: Intel Pentium III processor | J4L1 | 996/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 7.905 GiB free.
    D: is FIXED (NTFS) - 149 GiB total, 20.631 GiB free.
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== Installed Programs ======================


    Adobe Acrobat 4.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    BT Home Hub
    BT Wireless Connection Manager
    BT Yahoo! Applications
    CardRd81
    CCHelp
    CCleaner (remove only)
    CCScore
    coverXP (remove only)
    CR2
    EPSON Printer Software
    ESSAdpt
    ESSANUP
    ESSBrwr
    ESSCAM
    ESSCDBK
    ESScore
    ESSCT
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTUTOR
    ESSvpaht
    ESSvpot
    FLAC 1.2.1b (remove only)
    foobar2000 v1.0.3
    Google Update Helper
    HLPCCTR
    HLPIndex
    HLPPDOCK
    HLPRFO
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 7
    Java Auto Updater
    Junk Mail filter update
    Kodak EasyShare software
    KSU
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    MediaMonkey 3.1
    Medieval CUE Splitter
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows Script 5.7
    Mozilla Firefox (3.6.8)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Nero - Burning Rom
    Nero 7 Premium
    neroxml
    Notifier
    oggcodecs 0.71.0946
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Secure Module 4.7.00
    OTtBP
    OTtBPSDK
    Paint Shop Pro 4.15 SE
    PCDLNCH
    QuickTime
    RealPlayer
    Segoe UI
    SFR
    SFR2
    SonicStage 4.3
    SoulSeek 157 NS 13e
    UltraISO Premium V9.36
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VCAMCEN
    VLC media player 0.9.8a
    VPRINTOL
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows XP Hotfix - KB884020
    WinRAR archiver
    Yahoo! Software Update

    ==== End Of File ===========================
     

  4. 2010/08/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/08/07
    harley80

    Thanks for checking Broni, I seem to be able to post OK now, still have the other problems. Malwarebytes scan was OK, see log below. I will post GMER log soon.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4284

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    07/08/2010 10:33:55
    mbam-log-2010-08-07 (10-33-55).txt

    Scan type: Quick scan
    Objects scanned: 166657
    Time elapsed: 25 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. 2010/08/07
    harley80

    GMER log is too large. I will post it in 2 or 3 parts. I definitely didn't have "Show all" ticked, thanks....Alex

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-07 12:37:49
    Windows 5.1.2600 Service Pack 2
    Running: 1ym9xpp2.exe; Driver: C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\kgkyqkob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF5D4A78A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF5D4A821]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF5D4A738]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF5D4A74C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF5D4A835]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF5D4A861]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF5D4A8CF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF5D4A8B9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF5D4A7CA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF5D4A8FB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF5D4A80D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF5D4A710]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF5D4A724]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF5D4A79E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF5D4A937]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF5D4A8A3]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF5D4A88D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF5D4A84B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF5D4A923]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF5D4A90F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF5D4A776]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF5D4A762]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF5D4A877]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF5D4A7F9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF5D4A8E5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF5D4A7E0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF5D4A7B4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution 804FC679 7 Bytes JMP F5D4A7B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwOpenKey 805684D5 5 Bytes JMP F5D4A811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryValueKey 8056B9A8 7 Bytes JMP F5D4A891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtSetInformationProcess 8056C608 5 Bytes JMP F5D4A766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateKey 8056F063 5 Bytes JMP F5D4A825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryKey 8056F473 7 Bytes JMP F5D4A93B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwEnumerateKey 8056F76A 7 Bytes JMP F5D4A8D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtCreateFile 8057164C 5 Bytes JMP F5D4A78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80573789 5 Bytes JMP F5D4A7E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtMapViewOfSection 80573C04 7 Bytes JMP F5D4A7CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenProcess 8057459E 5 Bytes JMP F5D4A714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057494D 7 Bytes JMP F5D4A7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetValueKey 80575527 7 Bytes JMP F5D4A87B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwEnumerateValueKey 805801FE 7 Bytes JMP F5D4A8BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwNotifyChangeKey 805829DD 5 Bytes JMP F5D4A8FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 805885D3 7 Bytes JMP F5D4A750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 8058AE1E 5 Bytes JMP F5D4A7FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteValueKey 80597430 7 Bytes JMP F5D4A865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenThread 80597C0A 5 Bytes JMP F5D4A728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteKey 8059D6BD 7 Bytes JMP F5D4A839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcess 805B3543 5 Bytes JMP F5D4A73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetContextThread 8062C85B 5 Bytes JMP F5D4A77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRestoreKey 8064C3B0 5 Bytes JMP F5D4A913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnloadKey 8064C689 7 Bytes JMP F5D4A8E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064CF58 7 Bytes JMP F5D4A8A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRenameKey 8064D39F 7 Bytes JMP F5D4A84F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwReplaceKey 8064D892 5 Bytes JMP F5D4A927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    .rsrc C:\WINDOWS\system32\DRIVERS\DcCam.sys entry point in ".rsrc" section [0xF78A1514]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FF0FE5
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FF0082
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FF0071
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FF0F97
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FF004A
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FF0014
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FF0F66
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FF00AE
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FF0F1F
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FF0F3A
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00FF00D3
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00FF002F
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00FF0FD4
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00FF0093
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00FF0FA8
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00FF0FC3
    .text C:\WINDOWS\system32\services.exe[792] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00FF0F4B
    .text C:\WINDOWS\system32\services.exe[792] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CC0044
    .text C:\WINDOWS\system32\services.exe[792] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CC0FB9
    .text C:\WINDOWS\system32\services.exe[792] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CC0FEF
    .text C:\WINDOWS\system32\services.exe[792] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CC000C
    .text C:\WINDOWS\system32\services.exe[792] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CC0FD4
    .text C:\WINDOWS\system32\services.exe[792] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CC001D
    .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00FE0FB9
    .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00FE0040
    .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00FE000A
    .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00FE0FCA
    .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00FE0F83
    .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00FE0F9E
    .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00FE0FE5
    .text C:\WINDOWS\system32\services.exe[792] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00FE0025
    .text C:\WINDOWS\system32\services.exe[792] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00C90FEF
    .text C:\WINDOWS\system32\services.exe[792] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00C9000A
    .text C:\WINDOWS\system32\services.exe[792] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00C9001B
    .text C:\WINDOWS\system32\services.exe[792] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00C90FCA
    .text C:\WINDOWS\system32\services.exe[792] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CB0000
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F40FE5
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F40F9B
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F40090
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F40073
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F40FC0
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F40051
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F400B5
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F40F6D
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F40F30
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F40F41
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00F40F1F
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00F40062
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00F4000A
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00F40F8A
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00F40040
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00F4001B
    .text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00F40F5C
    .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00CD001E
    .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00CD0040
    .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00CD0FC3
    .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00CD0FD4
    .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00CD0F83
    .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00CD002F
    .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00CD0FEF
    .text C:\WINDOWS\system32\lsass.exe[804] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00CD0FA8
    .text C:\WINDOWS\system32\lsass.exe[804] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CC0FB7
    .text C:\WINDOWS\system32\lsass.exe[804] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CC0042
    .text C:\WINDOWS\system32\lsass.exe[804] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CC001D
    .text C:\WINDOWS\system32\lsass.exe[804] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CC000C
    .text C:\WINDOWS\system32\lsass.exe[804] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CC0FD2
    .text C:\WINDOWS\system32\lsass.exe[804] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CC0FE3
    .text C:\WINDOWS\system32\lsass.exe[804] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CB0FE5
    .text C:\WINDOWS\system32\lsass.exe[804] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00CA0000
    .text C:\WINDOWS\system32\lsass.exe[804] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00CA001B
    .text C:\WINDOWS\system32\lsass.exe[804] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00CA0036
    .text C:\WINDOWS\system32\lsass.exe[804] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00CA0047
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B10FEF
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B10F54
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B10049
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B1002E
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B10F6F
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B10011
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B10081
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B10064
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B100B7
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B10092
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00B10EF9
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00B10F80
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00B10FCA
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00B10F43
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00B10000
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00B10FB9
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00B10F14
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00AF0FC3
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00AF0F97
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00AF0014
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00AF0FD4
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00AF0054
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00AF0043
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00AF0FE5
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00AF0FB2
    .text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AE0062
    .text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AE003D
    .text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AE002C
    .text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AE0000
    .text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AE0FCD
    .text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AE0011
    .text C:\WINDOWS\system32\svchost.exe[964] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00AC0000
     
  7. 2010/08/07
    harley80

    GMER Part 2

    .text C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 009C0000
    .text C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 009C001B
    .text C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 009C0FE5
    .text C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 009C0036
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B40000
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B40F6D
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B40F92
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B40FA3
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B40FC0
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B40058
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B40F41
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B40F5C
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B400BF
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B40F30
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00B40F01
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00B40FDB
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00B40011
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00B4007D
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00B4003D
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00B4002C
    .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00B400A4
    .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B30FD1
    .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B30F9B
    .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B30022
    .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00B30011
    .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B30FB6
    .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B30062
    .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B30000
    .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B3003D
    .text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B2002C
    .text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B20FA1
    .text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B20011
    .text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B20000
    .text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B20FBC
    .text C:\WINDOWS\system32\svchost.exe[1304] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B20FD7
    .text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00B00000
    .text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00B00011
    .text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00B0002C
    .text C:\WINDOWS\system32\svchost.exe[1304] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00B00047
    .text C:\WINDOWS\system32\svchost.exe[1304] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B1000A
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D80000
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D80F41
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D80F52
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D80F6D
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D80F94
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D8002C
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D8006E
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D8005D
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D80EE9
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D80EFA
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00D80093
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00D80FA5
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00D80FEF
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00D80F30
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00D8001B
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00D80FD4
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00D80F0B
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00D70FCD
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00D70F8D
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00D70FDE
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00D7000A
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00D7004A
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00D70039
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00D70FEF
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00D70FB2
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D60F92
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D6001D
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D60FD2
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D60FEF
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D60FB7
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D6000C
    .text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00D40FEF
    .text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00D40FDE
    .text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00D40FCD
    .text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00D40FBC
    .text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D50FEF
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1508] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1508] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 015D0000
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 015D009F
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 015D0FB4
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 015D008E
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 015D007D
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 015D0051
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 015D00D0
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 015D0F7E
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 015D00EB
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 015D0F52
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 015D0F37
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 015D0062
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 015D0FDB
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 015D0F8F
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 015D002C
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 015D0011
    .text C:\WINDOWS\Explorer.EXE[1828] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 015D0F6D
    .text C:\WINDOWS\Explorer.EXE[1828] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DD0FBC
    .text C:\WINDOWS\Explorer.EXE[1828] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DD0051
    .text C:\WINDOWS\Explorer.EXE[1828] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DD0FD7
    .text C:\WINDOWS\Explorer.EXE[1828] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DD0000
    .text C:\WINDOWS\Explorer.EXE[1828] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DD0036
    .text C:\WINDOWS\Explorer.EXE[1828] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DD0011
    .text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01310014
    .text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01310F86
    .text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01310FB9
    .text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01310FCA
    .text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01310039
    .text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01310F97
    .text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01310FE5
    .text C:\WINDOWS\Explorer.EXE[1828] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01310FA8
    .text C:\WINDOWS\Explorer.EXE[1828] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00DB0000
    .text C:\WINDOWS\Explorer.EXE[1828] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00DB001B
    .text C:\WINDOWS\Explorer.EXE[1828] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00DB002C
    .text C:\WINDOWS\Explorer.EXE[1828] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00DB0051
    .text C:\WINDOWS\Explorer.EXE[1828] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00DC0000
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B80000
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B80F7C
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B80F8D
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B80F9E
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B80FAF
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B80FE5
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B800A7
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B80096
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B800DD
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B800C2
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00B80F33
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00B80FD4
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00B80025
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00B80F6B
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00B80051
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00B80036
    .text C:\WINDOWS\system32\svchost.exe[2252] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00B80F44
    .text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B7002C
    .text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B70070
    .text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B70FDB
    .text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00B7001B
    .text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B7005F
    .text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B7004E
    .text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B7000A
    .text C:\WINDOWS\system32\svchost.exe[2252] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B7003D
    .text C:\WINDOWS\system32\svchost.exe[2252] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B60F97
    .text C:\WINDOWS\system32\svchost.exe[2252] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60022
    .text C:\WINDOWS\system32\svchost.exe[2252] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60011
    .text C:\WINDOWS\system32\svchost.exe[2252] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B60FEF
    .text C:\WINDOWS\system32\svchost.exe[2252] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B60FBC
    .text C:\WINDOWS\system32\svchost.exe[2252] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B60000
    .text C:\WINDOWS\system32\svchost.exe[2252] WININET.dll!InternetOpenA 6302B2D5 5 Bytes JMP 00B50000
    .text C:\WINDOWS\system32\svchost.exe[2252] WININET.dll!InternetOpenW 6302B92E 5 Bytes JMP 00B50011
    .text C:\WINDOWS\system32\svchost.exe[2252] WININET.dll!InternetOpenUrlA 6302DEF0 5 Bytes JMP 00B50FDB
    .text C:\WINDOWS\system32\svchost.exe[2252] WININET.dll!InternetOpenUrlW 63077347 5 Bytes JMP 00B5002C

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    Device -> \Driver\atapi \Device\Harddisk0\DR0 824A5EC5

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ Wireless
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ProcessGroupPolicy ProcessWIRELESSPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ Folder Redirection
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ProcessGroupPolicyEx ProcessGroupPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@DllName fdeploy.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoMachinePolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@PerUserLocalSettings 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoGPOListChanges 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@GenerateGroupPolicy GenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@EventSources (Folder Redirection,Application)?
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft Disk Quota
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ QoS Packet Scheduler
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ProcessGroupPolicy ProcessPSCHEDPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ Scripts
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicy ProcessScriptsGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicyEx ProcessScriptsGroupPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@GenerateGroupPolicy GenerateScriptsGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NotifyLinkTransition 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 960
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ 802.3 Group Policy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DisplayName @dot3gpclnt.dll,-100
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ProcessGroupPolicyEx ProcessLANPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@GenerateGroupPolicy GenerateLANPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DllName dot3gpclnt.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ Microsoft Offline Files
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName %SystemRoot%\System32\cscui.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy ProcessGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Software Installation
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)?
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ IP Security
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ProcessGroupPolicy ProcessIPSECPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoGPOListChanges 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_ 65536
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_ 65536
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_ 65536
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6DB3F2A-ADED-E304-D62E-DECBC85A2885}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6DB3F2A-ADED-E304-D62E-DECBC85A2885}@iagbcikeigdgjniokc 0x6B 0x61 0x6B 0x66 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6DB3F2A-ADED-E304-D62E-DECBC85A2885}@haabmcakngdbalbh 0x6B 0x61 0x6B 0x66 ...

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\DRIVERS\DcCam.sys suspicious modification
    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----
     
  8. 2010/08/07
    harley80

    harley80 Inactive Thread Starter

    Hi again Broni. I am running the MBRCheck now and it is telling me it has found a non-standard or infected MBR.

    I have the 3 options

    1. Dump the MBR of a physical disc to file.
    2. Restore the MBR of a physical disc with a standard boot code.
    3. Exit

    I want to get this correct, Broni. Which option do I need to take?

    Cheers....Alex
     
  9. 2010/08/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, post MBRCheck log.
     
  10. 2010/08/07
    harley80

    harley80 Inactive Thread Starter

    Cheers Broni, here's the log.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 122):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EC000 \WINDOWS\system32\hal.dll
    0xF7BA9000 \WINDOWS\system32\KDCOM.DLL
    0xF7AB9000 \WINDOWS\system32\BOOTVID.dll
    0xF765A000 ACPI.sys
    0xF7BAB000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7649000 pci.sys
    0xF76A9000 isapnp.sys
    0xF7BAD000 intelide.sys
    0xF7929000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF76B9000 MountMgr.sys
    0xF762A000 ftdisk.sys
    0xF7BAF000 dmload.sys
    0xF7604000 dmio.sys
    0xF7931000 PartMgr.sys
    0xF76C9000 VolSnap.sys
    0xF75EC000 atapi.sys
    0xF76D9000 disk.sys
    0xF76E9000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF75CD000 fltmgr.sys
    0xF75BB000 sr.sys
    0xF76F9000 PxHelp20.sys
    0xF75A4000 KSecDD.sys
    0xF7591000 WudfPf.sys
    0xF7504000 Ntfs.sys
    0xF74D7000 NDIS.sys
    0xF74BC000 Mup.sys
    0xF7709000 agp440.sys
    0xF7739000 \SystemRoot\System32\DRIVERS\p3.sys
    0xF72A4000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
    0xF7290000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF79C9000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF726D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF79D1000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF79D9000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
    0xF7227000 \SystemRoot\system32\drivers\emu10k1m.sys
    0xF7203000 \SystemRoot\system32\drivers\portcls.sys
    0xF7749000 \SystemRoot\system32\drivers\drmk.sys
    0xF71E0000 \SystemRoot\system32\drivers\ks.sys
    0xF7759000 \SystemRoot\system32\drivers\sfmanm.sys
    0xF7BD1000 \SystemRoot\system32\drivers\ctlfacem.sys
    0xF7D4D000 \SystemRoot\System32\DRIVERS\ctljystk.sys
    0xF7B7D000 \SystemRoot\System32\DRIVERS\gameenum.sys
    0xF7769000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF79E9000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF79F1000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF79F9000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF7779000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF7B81000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF71CC000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF7789000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7799000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF77A9000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF7A01000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF7D4E000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF77B9000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF7B89000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF71B5000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF77C9000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF77D9000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7A09000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF718A000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF77E9000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF7A11000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF7A19000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF77F9000 \SystemRoot\system32\DRIVERS\ndisrd.sys
    0xF70B9000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF7809000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7BD3000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF705D000 \SystemRoot\System32\DRIVERS\update.sys
    0xF7BA1000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF7819000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7BD5000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7829000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7A29000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF7BDB000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7BDF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7859000 \SystemRoot\system32\DRIVERS\DcCam.sys
    0xF5EFB000 \SystemRoot\system32\DRIVERS\EXPORTIT.SYS
    0xF7C8E000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7BE1000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7A39000 \SystemRoot\System32\drivers\vga.sys
    0xF7BE3000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7BE5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7A41000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A49000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7B39000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF5EC8000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF5E70000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF5E49000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xF7869000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
    0xF5E21000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF5DFF000 \SystemRoot\System32\drivers\afd.sys
    0xF7879000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF5DD3000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF5D64000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF5D31000 \SystemRoot\system32\drivers\mfehidk.sys
    0xF5CE8000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF5CD1000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
    0xF7899000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF78A9000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF78F9000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7AA1000 \SystemRoot\System32\watchdog.sys
    0xF7BA5000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7DE1000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF78C9000 \SystemRoot\system32\drivers\dcfs2k.sys
    0xF4B6E000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF40ED000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF5C61000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF3E3B000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF7C23000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF3CA8000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF7A21000 \SystemRoot\system32\drivers\mfebopk.sys
    0xF2B5C000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xF28C9000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF5C71000 \SystemRoot\system32\drivers\mfesmfk.sys
    0xF25CF000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 35):
    0 System Idle Process
    4 System
    640 C:\WINDOWS\system32\smss.exe
    720 csrss.exe
    744 C:\WINDOWS\system32\winlogon.exe
    792 C:\WINDOWS\system32\services.exe
    804 C:\WINDOWS\system32\lsass.exe
    964 C:\WINDOWS\system32\svchost.exe
    1024 svchost.exe
    1120 C:\WINDOWS\system32\svchost.exe
    1168 C:\WINDOWS\system32\svchost.exe
    1292 svchost.exe
    1416 svchost.exe
    1580 C:\WINDOWS\system32\spoolsv.exe
    1820 C:\WINDOWS\explorer.exe
    2000 C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    140 C:\Program Files\McAfee.com\Agent\mcagent.exe
    168 C:\WINDOWS\system32\ctfmon.exe
    384 C:\WINDOWS\system32\drivers\KodakCCS.exe
    508 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    584 C:\Program Files\Google\Update\GoogleUpdate.exe
    1348 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    1448 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    1508 C:\WINDOWS\system32\devldr32.exe
    1780 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    1816 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    184 C:\Program Files\McAfee\MPF\MpfSrv.exe
    2132 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2280 C:\WINDOWS\system32\svchost.exe
    3644 alg.exe
    3656 C:\Program Files\Internet Explorer\iexplore.exe
    3952 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    2660 C:\Program Files\Internet Explorer\iexplore.exe
    1460 C:\WINDOWS\system32\notepad.exe
    2976 C:\Documents and Settings\Alexander\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: Maxtor5T040H4, Rev: TAH71DP0
    PhysicalDrive1 Model Number: MAXTORSTM3160212A, Rev: 3.AAJ

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: 125629BD0A6AB9FF105E3BB2F4BD886D4564EFA6


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!
     
  11. 2010/08/07
    broni

    broni Moderator Malware Analyst

    Rerun MBRCheck.
    Enter Y, hit ENTER for more options and select option 2.
    When asked for physical disk number, enter 1.
    Next, enter 1 (Windows XP) for MBR code.
    Post resulting log.
     
  12. 2010/08/07
    harley80

    harley80 Inactive Thread Starter

    Thanks Broni, here's the MBRCheck log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 121):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EC000 \WINDOWS\system32\hal.dll
    0xF7BA9000 \WINDOWS\system32\KDCOM.DLL
    0xF7AB9000 \WINDOWS\system32\BOOTVID.dll
    0xF765A000 ACPI.sys
    0xF7BAB000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7649000 pci.sys
    0xF76A9000 isapnp.sys
    0xF7BAD000 intelide.sys
    0xF7929000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF76B9000 MountMgr.sys
    0xF762A000 ftdisk.sys
    0xF7BAF000 dmload.sys
    0xF7604000 dmio.sys
    0xF7931000 PartMgr.sys
    0xF76C9000 VolSnap.sys
    0xF75EC000 atapi.sys
    0xF76D9000 disk.sys
    0xF76E9000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF75CD000 fltmgr.sys
    0xF75BB000 sr.sys
    0xF76F9000 PxHelp20.sys
    0xF75A4000 KSecDD.sys
    0xF7591000 WudfPf.sys
    0xF7504000 Ntfs.sys
    0xF74D7000 NDIS.sys
    0xF74BC000 Mup.sys
    0xF7709000 agp440.sys
    0xF7739000 \SystemRoot\System32\DRIVERS\p3.sys
    0xF72A4000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
    0xF7290000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF79C9000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF726D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF79D1000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF79D9000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
    0xF7227000 \SystemRoot\system32\drivers\emu10k1m.sys
    0xF7203000 \SystemRoot\system32\drivers\portcls.sys
    0xF7749000 \SystemRoot\system32\drivers\drmk.sys
    0xF71E0000 \SystemRoot\system32\drivers\ks.sys
    0xF7759000 \SystemRoot\system32\drivers\sfmanm.sys
    0xF7BD1000 \SystemRoot\system32\drivers\ctlfacem.sys
    0xF7D4D000 \SystemRoot\System32\DRIVERS\ctljystk.sys
    0xF7B7D000 \SystemRoot\System32\DRIVERS\gameenum.sys
    0xF7769000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF79E9000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF79F1000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF79F9000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF7779000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF7B81000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF71CC000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF7789000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7799000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF77A9000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF7A01000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF7D4E000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF77B9000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF7B89000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF71B5000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF77C9000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF77D9000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7A09000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF718A000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF77E9000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF7A11000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF7A19000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF77F9000 \SystemRoot\system32\DRIVERS\ndisrd.sys
    0xF70B9000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF7809000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7BD3000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF705D000 \SystemRoot\System32\DRIVERS\update.sys
    0xF7BA1000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF7819000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7BD5000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7829000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7A29000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF7BDB000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7BDF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7859000 \SystemRoot\system32\DRIVERS\DcCam.sys
    0xF5EFB000 \SystemRoot\system32\DRIVERS\EXPORTIT.SYS
    0xF7C8E000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7BE1000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7A39000 \SystemRoot\System32\drivers\vga.sys
    0xF7BE3000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7BE5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7A41000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A49000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7B39000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF5EC8000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF5E70000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF5E49000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xF7869000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
    0xF5E21000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF5DFF000 \SystemRoot\System32\drivers\afd.sys
    0xF7879000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF5DD3000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF5D64000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF5D31000 \SystemRoot\system32\drivers\mfehidk.sys
    0xF5CE8000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF5CD1000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
    0xF7899000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF78A9000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF78F9000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7AA1000 \SystemRoot\System32\watchdog.sys
    0xF7BA5000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7DE1000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF78C9000 \SystemRoot\system32\drivers\dcfs2k.sys
    0xF4B6E000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF40ED000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF5C61000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF3E3B000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF7C23000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF3CA8000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF7A21000 \SystemRoot\system32\drivers\mfebopk.sys
    0xF2B5C000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xF28C9000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF5C71000 \SystemRoot\system32\drivers\mfesmfk.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 33):
    0 System Idle Process
    4 System
    640 C:\WINDOWS\system32\smss.exe
    720 csrss.exe
    744 C:\WINDOWS\system32\winlogon.exe
    792 C:\WINDOWS\system32\services.exe
    804 C:\WINDOWS\system32\lsass.exe
    964 C:\WINDOWS\system32\svchost.exe
    1024 svchost.exe
    1120 C:\WINDOWS\system32\svchost.exe
    1168 C:\WINDOWS\system32\svchost.exe
    1292 svchost.exe
    1416 svchost.exe
    1580 C:\WINDOWS\system32\spoolsv.exe
    1820 C:\WINDOWS\explorer.exe
    2000 C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    140 C:\Program Files\McAfee.com\Agent\mcagent.exe
    168 C:\WINDOWS\system32\ctfmon.exe
    384 C:\WINDOWS\system32\drivers\KodakCCS.exe
    508 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    584 C:\Program Files\Google\Update\GoogleUpdate.exe
    1348 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    1448 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    1508 C:\WINDOWS\system32\devldr32.exe
    1780 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    1816 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    184 C:\Program Files\McAfee\MPF\MpfSrv.exe
    2132 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2280 C:\WINDOWS\system32\svchost.exe
    3644 alg.exe
    3952 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    2896 C:\WINDOWS\system32\wuauclt.exe
    1112 C:\Documents and Settings\Alexander\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: Maxtor5T040H4, Rev: TAH71DP0
    PhysicalDrive1 Model Number: MAXTORSTM3160212A, Rev: 3.AAJ

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: 125629BD0A6AB9FF105E3BB2F4BD886D4564EFA6


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
     
  13. 2010/08/07
    broni

    broni Moderator Malware Analyst

    Reboot computer and post new MBRCheck log. I'd like to see if it worked properly.
     
  14. 2010/08/07
    harley80

    harley80 Inactive Thread Starter

    I ran MBRCheck twice and both times it was asking me to restore the infected disc again. Log below is the last one. PC was rebooted after each check.

    Still no Windows updates.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 121):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EC000 \WINDOWS\system32\hal.dll
    0xF7BA9000 \WINDOWS\system32\KDCOM.DLL
    0xF7AB9000 \WINDOWS\system32\BOOTVID.dll
    0xF765A000 ACPI.sys
    0xF7BAB000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7649000 pci.sys
    0xF76A9000 isapnp.sys
    0xF7BAD000 intelide.sys
    0xF7929000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF76B9000 MountMgr.sys
    0xF762A000 ftdisk.sys
    0xF7BAF000 dmload.sys
    0xF7604000 dmio.sys
    0xF7931000 PartMgr.sys
    0xF76C9000 VolSnap.sys
    0xF75EC000 atapi.sys
    0xF76D9000 disk.sys
    0xF76E9000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF75CD000 fltmgr.sys
    0xF75BB000 sr.sys
    0xF76F9000 PxHelp20.sys
    0xF75A4000 KSecDD.sys
    0xF7591000 WudfPf.sys
    0xF7504000 Ntfs.sys
    0xF74D7000 NDIS.sys
    0xF74BC000 Mup.sys
    0xF7709000 agp440.sys
    0xF7919000 \SystemRoot\System32\DRIVERS\p3.sys
    0xF72A4000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
    0xF7290000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF79A1000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF726D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF79A9000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF79B1000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
    0xF7227000 \SystemRoot\system32\drivers\emu10k1m.sys
    0xF7203000 \SystemRoot\system32\drivers\portcls.sys
    0xF7739000 \SystemRoot\system32\drivers\drmk.sys
    0xF71E0000 \SystemRoot\system32\drivers\ks.sys
    0xF7749000 \SystemRoot\system32\drivers\sfmanm.sys
    0xF7BCB000 \SystemRoot\system32\drivers\ctlfacem.sys
    0xF7D35000 \SystemRoot\System32\DRIVERS\ctljystk.sys
    0xF7B7D000 \SystemRoot\System32\DRIVERS\gameenum.sys
    0xF7759000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF79C1000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF79C9000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF79D1000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF7769000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF7B81000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF71CC000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF7779000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7789000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF7799000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF79D9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF7D37000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF77A9000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF7B89000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF71B5000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF77B9000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF77C9000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF79E1000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF71A4000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF77D9000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF79E9000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF79F1000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF77E9000 \SystemRoot\system32\DRIVERS\ndisrd.sys
    0xF70D3000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF77F9000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7BCD000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF705D000 \SystemRoot\System32\DRIVERS\update.sys
    0xF7BA1000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF7809000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7BCF000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7819000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF79F9000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF7BD5000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7BD9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7849000 \SystemRoot\system32\DRIVERS\DcCam.sys
    0xF5EFB000 \SystemRoot\system32\DRIVERS\EXPORTIT.SYS
    0xF7DBE000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7BDB000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7A09000 \SystemRoot\System32\drivers\vga.sys
    0xF7BDD000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7BDF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7A11000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A19000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7B3D000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF5EC8000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF5E70000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF5E49000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xF7859000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
    0xF5E21000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF5DFF000 \SystemRoot\System32\drivers\afd.sys
    0xF7869000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF5DD3000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF5D64000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF5D31000 \SystemRoot\system32\drivers\mfehidk.sys
    0xF5D10000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF5CF9000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
    0xF7879000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF7889000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF78B9000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7A41000 \SystemRoot\System32\watchdog.sys
    0xF70B3000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7D13000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF7154000 \SystemRoot\system32\drivers\dcfs2k.sys
    0xF4BC5000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF40BC000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF4B11000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF3E32000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF7BC3000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF3CC7000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF7AA9000 \SystemRoot\system32\drivers\mfebopk.sys
    0xF35FD000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xF352E000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF39FF000 \SystemRoot\system32\drivers\mfesmfk.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 34):
    0 System Idle Process
    4 System
    640 C:\WINDOWS\system32\smss.exe
    720 csrss.exe
    744 C:\WINDOWS\system32\winlogon.exe
    792 C:\WINDOWS\system32\services.exe
    804 C:\WINDOWS\system32\lsass.exe
    964 C:\WINDOWS\system32\svchost.exe
    1024 svchost.exe
    1124 C:\WINDOWS\system32\svchost.exe
    1240 C:\WINDOWS\system32\svchost.exe
    1300 svchost.exe
    1380 svchost.exe
    1656 C:\WINDOWS\system32\spoolsv.exe
    1764 C:\WINDOWS\explorer.exe
    1952 C:\Program Files\McAfee.com\Agent\mcagent.exe
    1996 C:\WINDOWS\system32\ctfmon.exe
    500 C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    612 C:\WINDOWS\system32\drivers\KodakCCS.exe
    676 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    696 C:\Program Files\Google\Update\GoogleUpdate.exe
    1192 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    1368 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    1424 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    1640 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    1248 C:\Program Files\McAfee\MPF\MpfSrv.exe
    2100 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2244 C:\WINDOWS\system32\svchost.exe
    2564 C:\WINDOWS\system32\wuauclt.exe
    3484 alg.exe
    3548 wmiprvse.exe
    4024 C:\WINDOWS\system32\devldr32.exe
    4076 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    2504 C:\Documents and Settings\Alexander\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: Maxtor5T040H4, Rev: TAH71DP0
    PhysicalDrive1 Model Number: MAXTORSTM3160212A, Rev: 3.AAJ

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: 125629BD0A6AB9FF105E3BB2F4BD886D4564EFA6


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
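
The two MBRCheck logs above show the same `Unknown MBR code` status and SHA1 for PhysicalDrive1, although the earlier run ends with a successful restore. The Python sketch below is an added example, not part of the original posts or of MBRCheck: it parses the summary table and restore prompt of each log and flags that case. The helper names, and the rule that a status ending in "MBR code detected" means standard boot code, are assumptions drawn from the two status strings visible in these logs.

```python
import re
from dataclasses import dataclass

# Excerpt of the MBRCheck output posted in this thread: summary table plus the
# restore prompt. The later log in the thread shows the same table again.
LOG_FIRST = r"""
Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
149 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 125629BD0A6AB9FF105E3BB2F4BD886D4564EFA6

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1
Please select the MBR code to write to this drive: 1
Successfully wrote new MBR code!
"""
LOG_AFTER_REBOOT = LOG_FIRST

# "<size> <unit> \\.\PhysicalDriveN <status text>"
ROW = re.compile(r"^\s*(\d+\s+\w+)\s+\\\\\.\\PhysicalDrive(\d+)\s+(.+?)\s*$")
SHA = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")
# Tolerates the answer being run together with the next line of output.
FIX_PROMPT = re.compile(r"physical disk number to fix.*?cancel\):\s*(-?\d+)")


@dataclass
class MbrEntry:
    disk: int
    size: str
    status: str
    sha1: str = ""


def parse_mbrcheck(log):
    """Return ({disk: MbrEntry}, disk number a restore was written to, or None)."""
    entries, last, target, restored = {}, None, None, None
    for line in log.splitlines():
        m = ROW.match(line)
        if m:
            last = MbrEntry(int(m.group(2)), m.group(1), m.group(3))
            entries[last.disk] = last
            continue
        m = SHA.match(line)
        if m and last:
            last.sha1 = m.group(1).upper()
            continue
        m = FIX_PROMPT.search(line)
        if m:
            target = int(m.group(1))
        elif "Successfully wrote new MBR code" in line:
            if target is not None and target >= 0:
                restored = target
    return entries, restored


def is_standard(status):
    # Assumption: recognised boot code is reported as "<OS> MBR code detected".
    return status.endswith("MBR code detected") and not status.startswith("Unknown")


def compare_runs(before_log, after_log):
    """List (disk, sha1, verdict) for disks still non-standard in the later run."""
    before, restored = parse_mbrcheck(before_log)
    after, _ = parse_mbrcheck(after_log)
    findings = []
    for disk, now in sorted(after.items()):
        if is_standard(now.status):
            continue
        prev = before.get(disk)
        if prev and disk == restored and prev.sha1 == now.sha1:
            verdict = "restore reported success but MBR hash is unchanged"
        elif prev and prev.sha1 != now.sha1:
            verdict = "MBR changed between runs and is still non-standard"
        else:
            verdict = "non-standard MBR"
        findings.append((disk, now.sha1, verdict))
    return findings


if __name__ == "__main__":
    for disk, sha1, verdict in compare_runs(LOG_FIRST, LOG_AFTER_REBOOT):
        print(f"PhysicalDrive{disk} {sha1}: {verdict}")
```

An unchanged hash after a reported restore means the write did not persist or was reverted before the next check, which is a reason to keep investigating that disk rather than to repeat the restore.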
     
  15. 2010/08/07
    broni

    broni Moderator Malware Analyst

    What is D drive?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. 2010/08/08
    harley80

    harley80 Inactive Thread Starter

    Unable to access internet after Combofix ran. I have the log and will post it later.
     
  17. 2010/08/08
    harley80

    harley80 Inactive Thread Starter

    Sorry Broni, I was able to send short messages earlier. I have no idea if any of the Combo logs I sent have reached you. I will send the full log from my work PC tomorrow.
     
  18. 2010/08/08
    broni

    broni Moderator Malware Analyst

    Ok.....
     
  19. 2010/08/09
    harley80

    harley80 Inactive Thread Starter

    Hi Broni, here is the complete Combofix log. As stated before, still no Windows updates and now unable to access internet.

    ComboFix 10-08-07.02 - Alexander 08/08/2010 10:39:27.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.51 [GMT 1:00]
    Running from: c:\documents and settings\Alexander\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Alexander\Application Data\BITS
    c:\documents and settings\Alexander\Application Data\BITS\BITS.ini
    c:\documents and settings\Alexander\Application Data\BITS\ProxyList.ini
    c:\documents and settings\Alexander\Application Data\BITS\UPnP.ini
    c:\documents and settings\Alexander\Application Data\FlashGetBHO
    c:\documents and settings\Alexander\Application Data\FlashGetBHO\FlashGetHook.dll
    c:\program files\FlashGet Network
    c:\windows\system32\drivers\ndisrd.sys
    c:\windows\system32\msrun.exe
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Alexander\Application Data\6E4EEDAE816C60F64E22493BE10747FD\enemies-names.txt
    c:\documents and settings\Alexander\Application Data\6E4EEDAE816C60F64E22493BE10747FD\local.ini
    c:\documents and settings\Alexander\Application Data\BITS\BITS.ini
    c:\documents and settings\Alexander\Application Data\BITS\DHTTable.dat
    c:\documents and settings\Alexander\Application Data\BITS\ProxyList.ini
    c:\documents and settings\Alexander\Application Data\BITS\UPnP.ini
    c:\documents and settings\Alexander\Application Data\FlashGetBHO\FlashGetHook.dll
    c:\documents and settings\Alexander\Application Data\FlashGetBHO\GetAllUrl.htm
    c:\documents and settings\Alexander\Application Data\FlashGetBHO\GetUrl.htm
    c:\windows\system32\drivers\ndisrd.sys
    c:\windows\system32\secushr.dat
    c:\windows\system32\secustat.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ndisrd
    -------\Service_ndisrd


    ((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
    .

    2010-08-06 20:53 . 2010-08-06 20:53 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-06 20:52 . 2010-08-06 20:52 -------- d-----w- c:\documents and settings\Alexander\Application Data\6E4EEDAE816C60F64E22493BE10747FD
    2010-08-05 11:42 . 2010-08-06 21:32 -------- dc-h--w- c:\windows\ie8
    2010-08-05 02:22 . 2010-05-21 13:14 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-08-04 11:11 . 2010-08-04 11:11 -------- d-----w- C:\_OTL
    2010-08-04 09:15 . 2010-08-04 09:15 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2010-08-03 22:44 . 2010-08-03 22:44 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-08-03 22:04 . 2010-08-03 22:04 -------- d--h--w- c:\windows\system32\GroupPolicy
    2010-08-03 00:49 . 2010-08-03 18:42 -------- d-----w- c:\program files\FlashGet
    2010-08-02 15:37 . 2001-08-23 12:00 25088 -c--a-w- c:\windows\system32\dllcache\sm59w.dll
    2010-08-02 15:36 . 2001-08-17 21:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2010-08-02 15:36 . 2004-08-04 00:56 44544 -c--a-w- c:\windows\system32\dllcache\nsepm.dll
    2010-08-02 15:36 . 2001-08-23 12:00 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
    2010-08-02 15:36 . 2001-08-23 12:00 111104 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
    2010-08-02 15:34 . 2001-08-23 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
    2010-08-02 15:33 . 2004-08-04 00:56 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
    2010-08-02 15:32 . 2001-08-23 12:00 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
    2010-08-02 15:31 . 2004-08-04 00:56 68608 -c--a-w- c:\windows\system32\dllcache\isatq.dll
    2010-08-02 15:17 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
    2010-08-02 15:12 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2010-08-02 15:12 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2010-08-02 15:12 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2010-08-02 15:12 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2010-08-02 11:59 . 2010-08-02 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-08-02 08:52 . 2010-08-02 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-08-02 08:52 . 2010-08-02 08:52 -------- d-----w- c:\program files\Alwil Software
    2010-08-02 00:04 . 2010-08-02 00:04 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Yahoo
    2010-08-01 10:04 . 2010-08-02 13:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-27 10:53 . 2010-07-27 10:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
    2010-07-24 19:08 . 2010-07-24 19:08 -------- d-----w- c:\documents and settings\Alexander\Application Data\FlashGet
    2010-07-18 16:54 . 2010-07-18 16:54 0 ----a-w- c:\windows\nsreg.dat
    2010-07-18 16:53 . 2010-07-18 16:53 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Mozilla
    2010-07-17 08:00 . 2010-07-17 08:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-07-17 08:00 . 2010-07-17 08:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2010-07-17 08:00 . 2010-07-22 23:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
    2010-07-17 07:44 . 2010-07-17 07:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-07-17 07:43 . 2010-07-17 07:43 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-07 23:49 . 2009-12-04 18:30 -------- d-----w- c:\documents and settings\Alexander\Application Data\foobar2000
    2010-08-07 15:03 . 2009-11-09 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
    2010-08-03 19:27 . 2008-02-18 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-08-03 19:27 . 2008-02-18 20:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-08-03 19:20 . 2008-04-15 17:44 -------- d-----w- c:\program files\Google
    2010-08-03 19:17 . 2010-06-01 23:20 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-08-03 18:56 . 2010-06-10 16:01 -------- d-----w- c:\program files\Exact Audio Copy
    2010-08-02 17:41 . 2008-02-18 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-08-02 15:25 . 2008-02-18 19:23 22764 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-08-02 13:19 . 2008-09-21 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-30 04:30 . 2008-08-30 10:44 -------- d-----w- c:\program files\QuickTime
    2010-07-25 17:10 . 2008-02-18 20:17 -------- d-----w- c:\program files\btbb_wcm
    2010-07-25 17:10 . 2008-10-31 16:31 -------- d-----w- c:\documents and settings\Alexander\Application Data\Soucpa
    2010-07-25 16:04 . 2010-07-16 22:05 112 ----a-w- c:\documents and settings\All Users\Application Data\48tE0Xd8.dat
    2010-07-24 22:29 . 2010-01-11 18:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-18 23:28 . 2009-06-28 11:47 -------- d-----w- c:\documents and settings\Alexander\Application Data\Ibukr
    2010-07-15 14:18 . 2009-04-15 23:26 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2010-07-08 00:01 . 2010-06-10 16:03 -------- d-----w- c:\documents and settings\Alexander\Application Data\AccurateRip
    2010-07-06 23:07 . 2009-04-08 03:30 -------- d-----w- c:\documents and settings\Alexander\Application Data\Nyoqve
    2010-07-04 21:11 . 2008-02-18 20:23 -------- d-----w- c:\documents and settings\Alexander\Application Data\Yahoo!
    2010-06-22 23:34 . 2010-06-22 23:34 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb5C.tmp.exe
    2010-06-20 12:23 . 2010-06-20 12:23 -------- d-----w- c:\program files\MSXML 6.0
    2010-06-19 23:04 . 2008-02-18 20:09 21040 ----a-w- c:\documents and settings\Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-13 17:15 . 2009-06-05 18:55 -------- d-----w- c:\program files\Common Files\Java
    2010-06-11 19:14 . 2008-02-18 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
    2010-06-11 19:14 . 2008-02-18 20:18 -------- d-----w- c:\program files\Yahoo!
    2010-06-02 18:26 . 2010-06-02 18:26 63488 ----a-w- c:\documents and settings\Alexander\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-02 18:26 . 2010-06-02 18:26 52224 ----a-w- c:\documents and settings\Alexander\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-02 18:25 . 2010-06-02 18:25 117760 ----a-w- c:\documents and settings\Alexander\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-01 23:33 . 2010-06-01 23:21 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-06-01 23:26 . 2010-06-01 23:26 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2008-05-05 21:02 . 2008-05-05 21:02 0 ----a-w- c:\program files\temp01
    .
    Code:
    <pre>
    c:\program files\btbb_wcm\McciTrayApp .exe
    c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
    c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe
    c:\program files\Common Files\Java\Java Update\jusched .exe
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\McAfee.com\Agent\mcagent .exe
    c:\program files\QuickTime\qttask                                                                                                                                                                                                                              .exe
    c:\program files\Sony\SonicStage\SsAAD .exe
    c:\windows\ime\imjp8_1\IMJPMIG .exe
    c:\windows\ime\imkr6_1\IMEKRMIG .exe
    </pre>
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [N/A]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "eyeBeam SIP Client"="" [N/A]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
    "NWEReboot"="" [N/A]
    "NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [N/A]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-2-28 135680]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-7-23 757760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL [BU]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0????????\0????????\0????????

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fyymxlcr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [16/04/2009 00:31 93320]
    S0 fyymxlcr;fyymxlcr;c:\windows\system32\Drivers\fyymxlcr.sys --> c:\windows\system32\Drivers\fyymxlcr.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/02/2010 19:41 135664]
    S3 pqmlmcwo;pqmlmcwo;\??\c:\windows\System32\Drivers\pqmlmcwo.sys --> c:\windows\System32\Drivers\pqmlmcwo.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-15 11:22]

    2010-07-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-15 11:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchAssistant =
    IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: microsoft.com\v6.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: microsoft.com\www.update
    Trusted Zone: updatexp.com\www
    Trusted Zone: windowsudate.com\*.download
    Trusted Zone: windowsupdate.com
    Trusted Zone: windowsupdate.com\download
    TCP: {969D337C-1B82-4DB3-A46A-D0172076FBEF} = 208.67.222.222,208.67.220.220
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\jbnxf0po.default\
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Adobe Acrobat 4.0 - c:\program files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-08 11:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82674EC5]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf76edfc3
    \Driver\ACPI -> ACPI.sys @ 0xf7660cb8
    \Driver\atapi -> atapi.sys @ 0xf75f27b4
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
    ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
    ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
    NDIS: -> SendCompleteHandler -> 0x0
    PacketIndicateHandler -> 0x0
    SendHandler -> 0x0
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1645522239-1677128483-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6DB3F2A-ADED-E304-D62E-DECBC85A2885}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iagbcikeigdgjniokc"=hex:6b,61,6b,66,63,6c,65,68,65,68,6d,6d,65,6c,65,68,6d,68,
    63,64,6d,69,00,00
    "haabmcakngdbalbh"=hex:6b,61,6b,66,63,6c,65,68,65,68,6d,6d,65,6c,65,68,6d,68,
    63,64,6d,69,00,00

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
    @DACL=(02 0000)
    @="Wireless"
    "DllName"=expand:"gptext.dll"
    "NoGPOListChanges"=dword:00000001
    "NoUserPolicy"=dword:00000001
    "ProcessGroupPolicy"="ProcessWIRELESSPolicy"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
    @DACL=(02 0000)
    @="Folder Redirection"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
    "DllName"=expand:"fdeploy.dll"
    "NoMachinePolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "NoGPOListChanges"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "EventSources"=multi:"(Folder Redirection,Application)\00\00"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
    @DACL=(02 0000)
    @="Microsoft Disk Quota"
    "NoMachinePolicy"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "NoBackgroundPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "RequiresSuccessfulRegistry"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000000
    "DllName"=expand:"dskquota.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicy"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
    @DACL=(02 0000)
    @="QoS Packet Scheduler"
    "ProcessGroupPolicy"="ProcessPSCHEDPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
    @DACL=(02 0000)
    @="Scripts"
    "ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
    "ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
    "GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
    "DllName"=expand:"gptext.dll"
    "NoSlowLink"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "NotifyLinkTransition"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
    "GenerateGroupPolicy"="SceGenerateGroupPolicy"
    "ExtensionRsopPlanningDebugLevel"=dword:00000001
    "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
    "ExtensionDebugLevel"=dword:00000001
    "DllName"=expand:"scecli.dll"
    @="Security"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000001
    "MaxNoGPOListChangesInterval"=dword:000003c0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
    "DllName"=expand:"scecli.dll"
    @="EFS recovery"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "RequiresSuccessfulRegistry"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
    @DACL=(02 0000)
    @="802.3 Group Policy"
    "DisplayName"=expand:"@dot3gpclnt.dll,-100"
    "ProcessGroupPolicyEx"="ProcessLANPolicyEx"
    "GenerateGroupPolicy"="GenerateLANPolicy"
    "DllName"=expand:"dot3gpclnt.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
    @DACL=(02 0000)
    @="Microsoft Offline Files"
    "DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
    "EnableAsynchronousProcessing"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000000
    "NoMachinePolicy"=dword:00000000
    "NoSlowLink"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "RequiresSuccessfulRegistry"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    @DACL=(02 0000)
    @="Software Installation"
    "DllName"=expand:"appmgmts.dll"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "NoBackgroundPolicy"=dword:00000000
    "RequiresSucessfulRegistry"=dword:00000000
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
    @DACL=(02 0000)
    @="IP Security"
    "ProcessGroupPolicy"="ProcessIPSECPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
    @DACL=(02 0000)
    "HelpAssistant"=dword:00000000
    "TsInternetUser"=dword:00000000
    "SQLAgentCmdExec"=dword:00000000
    "NetShowServices"=dword:00000000
    "IWAM_"=dword:00010000
    "IUSR_"=dword:00010000
    "VUSR_"=dword:00010000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(812)
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
    c:\windows\system32\drivers\KodakCCS.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\system32\devldr32.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-08 11:19:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-08 10:18

    Pre-Run: 9,868,222,464 bytes free
    Post-Run: 10,057,469,952 bytes free

    - - End Of File - - 0B541D8303B47E7B0E61C1B1E7853007
     
  20. 2010/08/09
    broni

    broni Moderator Malware Analyst

    Your computer is still seriously infected.....

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\documents and settings\All Users\Application Data\48tE0Xd8.dat
    c:\windows\system32\Drivers\fyymxlcr.sys
    c:\windows\System32\Drivers\pqmlmcwo.sys
    
    
    Folder::
    c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
    c:\documents and settings\All Users\Application Data\Symantec
    c:\program files\Common Files\Symantec Shared
    c:\documents and settings\Alexander\Application Data\Ibukr
    c:\documents and settings\Alexander\Application Data\Nyoqve
    
    
    DirLook::
    c:\documents and settings\Alexander\Application Data\Soucpa
    
    RenV::
    c:\program files\btbb_wcm\McciTrayApp .exe
    c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
    c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe
    c:\program files\Common Files\Java\Java Update\jusched .exe
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\McAfee.com\Agent\mcagent .exe
    c:\program files\QuickTime\qttask                                                                                                                                                                                                                              .exe
    c:\program files\Sony\SonicStage\SsAAD .exe
    c:\windows\ime\imjp8_1\IMJPMIG .exe
    c:\windows\ime\imkr6_1\IMEKRMIG .exe
    
    
    Driver::
    fyymxlcr
    pqmlmcwo
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fyymxlcr.sys]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  21. 2010/08/11
    harley80

    harley80 Inactive Thread Starter

    Hi Broni. I followed the instructions above and Combofix ran after I entered the script. Combofix seemed to fix lots of problems, but I still have no Internet and I now can't turn on my McAfee Virus Protection. I get errors when I try to enable it.
    I will have to split the Combofix file into 3 or 4 parts.

    ComboFix 10-08-07.02 - Alexander 10/08/2010 19:57:39.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.166 [GMT 1:00]
    Running from: c:\documents and settings\Alexander\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Alexander\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "c:\documents and settings\All Users\Application Data\48tE0Xd8.dat"
    "c:\windows\system32\Drivers\fyymxlcr.sys"
    "c:\windows\System32\Drivers\pqmlmcwo.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Alexander\.exe
    c:\documents and settings\Alexander\Application Data\Ibukr
    c:\documents and settings\Alexander\Application Data\Nyoqve
    c:\documents and settings\All Users\Application Data\48tE0Xd8.dat
    c:\documents and settings\All Users\Application Data\Symantec
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1206887670jtun_nav2k7en80329003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1206975801jtun_nav2k7en80330003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1206989852jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207032167jtun_80327038.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207059509jtun_nav2k7en80331019.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207119400jtun_80331052.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207153580jtun_nav2k7en80401006.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207202746jtun_80401054.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207244263jtun_nav2k7en80402004.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207255135jtun_enfwc364.365.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207275326jtun_80402049.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207327952jtun_nav2k7en80403004.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207361113jtun_80403041.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207405204jtun_nav2k7en80404003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207491884jtun_nav2k7en80405003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207578890jtun_nav2k7en80406003.m25
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207589865jtun_nisenid03md25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207589865jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207629472jtun_80404048.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207671144jtun_nav2k7en80407002.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207678659jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207715187jtun_80407036.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207756327jtun_nav2k7en80408005.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207810095jtun_80408041.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207841926jtun_nav2k7en80409009.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207880562jtun_80409064.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207924428jtun_nav2k7en80410009.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1207977853jtun_80410039.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208013168jtun_nav2k7en80411003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208097213jtun_nav2k7en80412003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208207186jtun_nav2k7en80413003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208230618jtun_pif145.x00.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208233931jtun_80411040.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208270608jtun_nav2k7en80414016.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208288016jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208324438jtun_80414032.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208357985jtun_nav2k7en80415003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208403616jtun_80415054.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208436719jtun_nav2k7en80416009.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208499654jtun_80416056.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208529641jtun_nav2k7en80417001.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208566724jtun_80417038.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208614272jtun_nav2k7en80418003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208708378jtun_nav2k7en80419003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208787983jtun_nav2k7en80420007.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208804135jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208841894jtun_80418039.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208873923jtun_nav2k7en80421003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208920753jtun_80421040.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208989488jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208994944jtun_nav2k7en80422003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1208999478jtun_80422048.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209047298jtun_nav2k7en80423025.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209092955jtun_80423038.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209130774jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209138640jtun_nav2k7en80424002.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209220012jtun_nav2k7en80425002.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209314443jtun_nav2k7en80426003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209395698jtun_nav2k7en80427009.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209404001jtun_enfwc365.367.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209432886jtun_80424034.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209478990jtun_nav2k7en80428003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209504890jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209516458jtun_80428037.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209601546jtun_80429039.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209669418jtun_nav2k7en80429003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209704177jtun_80430035.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209740495jtun_nav2k7en80501019.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209772316jtun_80501039.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209776195jtun_hbpatch07.x00.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209824646jtun_nav2k7en80502004.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1209912294jtun_nav2k7en80503002.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210000616jtun_nav2k7en80504003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210038628jtun_80502036.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210047138jtun_the_scd.zip.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210083272jtun_nav2k7en80505003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210182722jtun_nav2k7en80506003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210207921jtun_80505034.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210256057jtun_nav2k7en80507008.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210286203jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210317357jtun_80507036.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210346847jtun_nav2k7en80508002.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210389477jtun_80508048.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210440185jtun_nav2k7en80509004.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210538252jtun_nav2k7en80510006.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210602568jtun_nav2k7en80511007.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210641992jtun_the_scd.zip.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210647994jtun_80509037.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210688930jtun_nav2k7en80512003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210714558jtun_nisenid04md25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210714558jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210726947jtun_80512039.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210730841jtun_the_scd.zip.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210825740jtun_nav2k7en80513004.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210838226jtun_80513040.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210888173jtun_nav2k7en80514035.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210904911jtun_80514041.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210910973jtun_the_scd.zip.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1210964321jtun_nav2k7en80515016.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211034514jtun_nav2k7en80516019.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211119646jtun_nav2k7en80517002.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211208396jtun_nav2k7en80518003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211246967jtun_80515036.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211248484jtun_the_scd.zip.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211293905jtun_nav2k7en80519003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211334651jtun_80519036.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211384509jtun_nav2k7en80520004.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211400837jtun_enfwc367.368.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211413722jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211424826jtun_80520034.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211469785jtun_nav2k7en80521003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211519190jtun_80521036.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211557223jtun_nav2k7en80522003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211577704jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211610200jtun_80522037.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211639148jtun_nav2k7en80523002.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211725499jtun_nav2k7en80524001.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211811578jtun_nav2k7en80525003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211846224jtun_80523039.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211900895jtun_nav2k7en80526004.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211942982jtun_80526035.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211988451jtun_nav2k7en80527003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1211996323jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212023241jtun_80527038.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212071453jtun_nav2k7en80528002.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212109642jtun_80528040.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212114098jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212162267jtun_nav2k7en80529003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212186221jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212194620jtun_80529048.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212203017jtun_ensi0529.x00.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212244579jtun_nav2k7en80530003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212330563jtun_nav2k7en80531002.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212416254jtun_nav2k7en80601004.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212443086jtun_enfwc368.369.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212464292jtun_80530041.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212503218jtun_nav2k7en80602003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212551785jtun_80602049.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212588775jtun_nav2k7en80603003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212625417jtun_nisenid05md25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212625417jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212626483jtun_80603040.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212675747jtun_nav2k7en80604003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212712648jtun_80604040.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212766475jtun_nav2k7en80605003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212793780jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212801513jtun_80605048.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212849838jtun_nav2k7en80606003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1212935006jtun_nav2k7en80607003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213022912jtun_nav2k7en80608003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213069922jtun_80606037.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213121704jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213131816jtun_nav2k7en80609003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213154545jtun_80609036.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213224149jtun_enfwc369.370.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213236813jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213246071jtun_80610039.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213274882jtun_nav2k7en80610017.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213325954jtun_80611048.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213373739jtun_nav2k7en80612003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213401516jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213455277jtun_nav2k7en80613003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213540086jtun_nav2k7en80614003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213626810jtun_nav2k7en80615003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213716226jtun_nav2k7en80616003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213748620jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213749838jtun_80612041.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213794991jtun_nav2k7en80617017.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213822966jtun_80617052.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213884234jtun_nav2k7en80618003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213922540jtun_80618024.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1213977000jtun_nav2k7en80619003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214007617jtun_80619037.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214060270jtun_nav2k7en80620003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214143424jtun_nav2k7en80621003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214231894jtun_nav2k7en80622003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214281095jtun_80620039.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214285501jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214317539jtun_nav2k7en80623004.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214368881jtun_80623036.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214403768jtun_nav2k7en80624003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214462804jtun_80624038.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214489491jtun_nav2k7en80625003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214532136jtun_80625040.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214580852jtun_nav2k7en80626003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214614674jtun_80626037.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214663359jtun_nav2k7en80627003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214748808jtun_nav2k7en80628004.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214809388jtun_enfwc370.371.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214835987jtun_nav2k7en80629002.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214875189jtun_80627040.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214922906jtun_nav2k7en80630003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1214972202jtun_80630037.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215007466jtun_nav2k7en80701003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215050718jtun_80701039.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215096415jtun_nav2k7en80702003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215150238jtun_80702048.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215181012jtun_nav2k7en80703003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215267832jtun_nav2k7en80704003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215354879jtun_nav2k7en80705003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215441635jtun_nav2k7en80706002.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215527067jtun_nav2k7en80707003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215539317jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215563346jtun_80703037.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215615244jtun_nav2k7en80708003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215633974jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215670651jtun_80708038.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215702483jtun_nav2k7en80709003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215754925jtun_80709049.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215788676jtun_nav2k7en80710003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215822575jtun_nisenidcurd25.x86.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215874036jtun_nav2k7en80711003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1215959406jtun_nav2k7en80712002.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1216045567jtun_nav2k7en80713002.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1216071802jtun_firstexpirationpif.x00.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1216103165jtun_80710038.skn.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1216135217jtun_nav2k7en80714003.m25.full.zip
    c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1216150482jtun_nisenidcurd25.x86.full.zip