Solved Computer runs very slow

Discussion in 'Malware and Virus Removal Archive' started by Beavet, 2010/09/03.

  1. 2010/09/03
    Beavet Inactive Thread Starter

    [Resolved] Computer runs very slow

    Hello, this computer runs super slow. I had it formatted some months ago and I have hardly installed any software...
    Could you tell me if there is some malware?

    Thank you.

    Here are the logs:



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by BEEE at 13:05:41.73 on Fri 09/03/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.194 [GMT -7:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    svchost.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    c:\PROGRA~1\mcafee\msc\mcupdui.exe
    C:\toshiba\ivp\netint\netint.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Documents and Settings\BEEE\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [SkyTel] SkyTel.EXE
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [CFSServ.exe] CFSServ.exe -NoClient
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-14 214664]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-6-10 93320]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-6-10 359952]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-6-10 144704]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-6-10 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-10 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-10 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-6-10 40552]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-6-10 34248]
    S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]

    =============== Created Last 30 ================

    2010-08-17 02:08:29 0 d-----w- c:\program files\Trend Micro
    2010-08-13 12:29:28 0 d-sha-r- C:\cmdcons
    2010-08-13 12:27:25 98816 ----a-w- c:\windows\sed.exe
    2010-08-13 12:27:25 77312 ----a-w- c:\windows\MBR.exe
    2010-08-13 12:27:25 256512 ----a-w- c:\windows\PEV.exe
    2010-08-13 12:27:25 161792 ----a-w- c:\windows\SWREG.exe
    2010-08-09 21:35:30 0 d-----w- c:\program files\Ganymede
    2010-08-08 12:32:54 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2010-08-08 12:32:54 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

    ==================== Find3M ====================

    2010-07-15 22:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

    ============= FINISH: 13:08:31.84 ===============


    ATTACH.txt:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/10/2010 7:56:09 PM
    System Uptime: 9/3/2010 12:52:27 PM (1 hours ago)

    Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | U1 | 798/mhz
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | U1 | 798/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 64.351 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 8/16/2010 7:33:38 PM - System Checkpoint
    RP2: 8/16/2010 8:04:03 PM - Removed HiJackThis

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blasterball 2 Revolution
    Bluetooth Stack for Windows by Toshiba
    CD/DVD Drive Acoustic Silencer
    Chuzzle Deluxe
    Desktop Dialer
    DVD-RAM Driver
    FATE
    GameDesire-Poker
    GemMaster Mystic
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB894871)
    Hotfix for Windows XP (KB895200)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB896243)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB910728)
    Hotfix for Windows XP (KB917332)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    J2SE Runtime Environment 5.0 Update 6
    Mah Jong Quest
    McAfee SecurityCenter
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office OneNote 2003
    Microsoft Office Standard Edition 2003
    Microsoft Works
    mIWA
    mLogView
    mMHouse
    mPfMgr
    mPfWiz
    mProSafe
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    mWlsSafe
    mXML
    mZConfig
    Office 2003 Trial Assistant
    Otto
    Penguins!
    Picasa 2
    Polar Bowler
    Polar Golfer
    QuickTime
    RealPlayer Basic
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    SCRABBLE
    SD Secure Module
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    Skype Toolbars
    Skype™ 4.2
    Sonic Encoders
    Synaptics Pointing Device Driver
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Direct Disc Writer
    TOSHIBA Disc Creator
    TOSHIBA Game Console
    TOSHIBA Hotkey Utility
    Toshiba Media Center Game Console
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA Recovery Disc Creator
    Toshiba Registration
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA TouchPad ON/Off Utility
    TOSHIBA Utilities
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    Touch and Launch
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Viewpoint Media Player
    WebFldrs XP
    WildTangent Web Driver
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884018
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB888622
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890546
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893056
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB914548
    Windows XP Media Center Edition 2005 KB973768

    ==== End Of File ===========================
     
  2. 2010/09/03
    broni Moderator Malware Analyst

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2010/09/04
    Beavet Inactive Thread Starter

    Thank you.
    Here are the logs:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4541

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    9/4/2010 12:39:51 PM
    mbam-log-2010-09-04 (12-39-51).txt

    Scan type: Quick scan
    Objects scanned: 160464
    Time elapsed: 21 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2010/09/04
    Beavet Inactive Thread Starter

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-04 15:23:43
    Windows 5.1.2600 Service Pack 2
    Running: exe.exe; Driver: C:\DOCUME~1\BEEE\LOCALS~1\Temp\fgtdqpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA9F4578A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA9F45821]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA9F45738]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA9F4574C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA9F45835]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA9F45861]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA9F458CF]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA9F458B9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA9F457CA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA9F458FB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA9F4580D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA9F45710]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA9F45724]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA9F4579E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA9F45937]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA9F458A3]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA9F4588D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA9F4584B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA9F45923]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA9F4590F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA9F45776]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA9F45762]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA9F45877]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA9F457F9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA9F458E5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA9F457E0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA9F457B4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- User code sections - GMER 1.0.15 ----

    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1716] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1716] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\Explorer.EXE[2004] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 01370FA8
    .text C:\WINDOWS\Explorer.EXE[2004] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 01370040
    .text C:\WINDOWS\Explorer.EXE[2004] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01370065
    .text C:\WINDOWS\Explorer.EXE[2004] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 0137002F
    .text C:\WINDOWS\Explorer.EXE[2004] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 01370FEF
    .text C:\WINDOWS\Explorer.EXE[2004] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01370FC3
    .text C:\WINDOWS\Explorer.EXE[2004] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01370014
    .text C:\WINDOWS\Explorer.EXE[2004] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01370FD4
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01AD0FEF
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 01AD0FDE
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 01AD0FCD
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 01AD0FBC
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 01AD0076
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01AD0F02
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01AD009B
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 01AD0EDD
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01AD0F49
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01AD0F2E
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01AD0028
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01AD0054
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01AD0F8B
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 01AD0043
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01AD0065
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01AD0F70
    .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 01AD0F1D
    .text C:\WINDOWS\Explorer.EXE[2004] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01360FDE
    .text C:\WINDOWS\Explorer.EXE[2004] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01360FEF
    .text C:\WINDOWS\Explorer.EXE[2004] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01360033
    .text C:\WINDOWS\Explorer.EXE[2004] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01360018
    .text C:\WINDOWS\Explorer.EXE[2004] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01360FB2
    .text C:\WINDOWS\Explorer.EXE[2004] msvcrt.dll!system 77C293C7 5 Bytes JMP 01360FC3
    .text C:\WINDOWS\Explorer.EXE[2004] WININET.dll!InternetOpenA 771C57BE 5 Bytes JMP 01350FEF
    .text C:\WINDOWS\Explorer.EXE[2004] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes JMP 01350FD4
    .text C:\WINDOWS\Explorer.EXE[2004] WININET.dll!InternetOpenUrlW 771D5C0F 5 Bytes JMP 01350FAD
    .text C:\WINDOWS\Explorer.EXE[2004] WININET.dll!InternetOpenW 771BAF6D 5 Bytes JMP 0135000A
    .text C:\WINDOWS\Explorer.EXE[2004] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01340000
    .text C:\WINDOWS\system32\dllhost.exe[3708] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00C0004A
    .text C:\WINDOWS\system32\dllhost.exe[3708] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00C00FC3
    .text C:\WINDOWS\system32\dllhost.exe[3708] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00FA8
    .text C:\WINDOWS\system32\dllhost.exe[3708] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00C0005B
    .text C:\WINDOWS\system32\dllhost.exe[3708] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00C00000
    .text C:\WINDOWS\system32\dllhost.exe[3708] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C00FD4
    .text C:\WINDOWS\system32\dllhost.exe[3708] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00025
    .text C:\WINDOWS\system32\dllhost.exe[3708] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00FE5
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C10000
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00C10011
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00C10022
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00C1003D
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00C10F7E
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C10F50
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C100E9
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00C10104
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C100A9
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C100BA
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C10FC7
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C10069
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C10FAA
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00C1004E
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C1008E
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C10F99
    .text C:\WINDOWS\system32\dllhost.exe[3708] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00C10F61
    .text C:\WINDOWS\system32\dllhost.exe[3708] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0FD2
    .text C:\WINDOWS\system32\dllhost.exe[3708] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0FEF
    .text C:\WINDOWS\system32\dllhost.exe[3708] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF001D
    .text C:\WINDOWS\system32\dllhost.exe[3708] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF000C
    .text C:\WINDOWS\system32\dllhost.exe[3708] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0F9C
    .text C:\WINDOWS\system32\dllhost.exe[3708] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0FAD
    .text C:\WINDOWS\system32\dllhost.exe[3708] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BE000A
    .text C:\WINDOWS\system32\lsass.exe[976] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00D70FB9
    .text C:\WINDOWS\system32\lsass.exe[976] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00D70F9E
    .text C:\WINDOWS\system32\lsass.exe[976] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D70F8D
    .text C:\WINDOWS\system32\lsass.exe[976] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00D70040
    .text C:\WINDOWS\system32\lsass.exe[976] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00D70FEF
    .text C:\WINDOWS\system32\lsass.exe[976] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D70025
    .text C:\WINDOWS\system32\lsass.exe[976] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D70FD4
    .text C:\WINDOWS\system32\lsass.exe[976] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D70014
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D80000
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00D8001B
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00D80FE5
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00D80036
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00D80FA3
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D800F8
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D80109
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00D80F4B
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D80F92
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D80F81
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D80FD4
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D80076
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D80087
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00D8005B
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D80098
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D800A9
    .text C:\WINDOWS\system32\lsass.exe[976] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00D80F70
    .text C:\WINDOWS\system32\lsass.exe[976] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D60FC1
    .text C:\WINDOWS\system32\lsass.exe[976] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D60FEF
    .text C:\WINDOWS\system32\lsass.exe[976] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D6000C
    .text C:\WINDOWS\system32\lsass.exe[976] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D60FD2
    .text C:\WINDOWS\system32\lsass.exe[976] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D60031
    .text C:\WINDOWS\system32\lsass.exe[976] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D60F9C
    .text C:\WINDOWS\system32\lsass.exe[976] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D50FE5
    .text C:\WINDOWS\system32\services.exe[964] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00060076
    .text C:\WINDOWS\system32\services.exe[964] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00060FD4
    .text C:\WINDOWS\system32\services.exe[964] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060FB9
    .text C:\WINDOWS\system32\services.exe[964] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00060FE5
    .text C:\WINDOWS\system32\services.exe[964] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [26, 88]
    .text C:\WINDOWS\system32\services.exe[964] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00060000
    .text C:\WINDOWS\system32\services.exe[964] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00060036
    .text C:\WINDOWS\system32\services.exe[964] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060051
    .text C:\WINDOWS\system32\services.exe[964] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0006001B
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070FEF
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00070014
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00070FDE
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00070025
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 000700AE
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070F68
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070101
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00070F4D
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 000700BF
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 000700DC
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0007004A
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070FB9
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070076
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0007005B
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070F9E
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070093
    .text C:\WINDOWS\system32\services.exe[964] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00070F79
    .text C:\WINDOWS\system32\services.exe[964] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FC1
    .text C:\WINDOWS\system32\services.exe[964] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050FEF
    .text C:\WINDOWS\system32\services.exe[964] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050FA6
    .text C:\WINDOWS\system32\services.exe[964] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00050FD2
    .text C:\WINDOWS\system32\services.exe[964] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050027
    .text C:\WINDOWS\system32\services.exe[964] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050016
    .text C:\WINDOWS\system32\services.exe[964] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040FEF
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 008E0FB2
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 008E0043
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008E0054
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 008E0F97
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [AE, 88]
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 008E000A
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008E0FDE
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008E0FC3
    .text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008E0FEF
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CE0FE5
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00CE0FD4
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00CE0014
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00CE0025
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00CE0082
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CE00CB
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CE00E6
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00CE00F7
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CE009F
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CE00BA
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CE0036
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CE0F94
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CE0F83
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00CE0FAF
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CE005D
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CE0F72
    .text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00CE0F57
    .text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008D002E
    .text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008D000C
    .text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008D0FD9
    .text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008D001D
    .text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008D0050
    .text C:\WINDOWS\system32\svchost.exe[1140] msvcrt.dll!system 77C293C7 5 Bytes JMP 008D003F
    .text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008C0000
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00800051
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 0080007D
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0080008E
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00800062
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00800000
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0080002C
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00800FDB
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00800011
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00810FEF
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00810FDE
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 0081000A
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00810025
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00810065
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008100A2
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00810F09
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00810EF8
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00810F3A
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00810076
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00810FAF
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00810F8D
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0081004A
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00810F9E
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00810F66
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00810F55
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00810087
    .text C:\WINDOWS\system32\svchost.exe[1244] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007F0FD7
    .text C:\WINDOWS\system32\svchost.exe[1244] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007F0000
    .text C:\WINDOWS\system32\svchost.exe[1244] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007F002C
    .text C:\WINDOWS\system32\svchost.exe[1244] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007F0011
    .text C:\WINDOWS\system32\svchost.exe[1244] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007F0051
    .text C:\WINDOWS\system32\svchost.exe[1244] msvcrt.dll!system 77C293C7 5 Bytes JMP 007F0FC6
    .text C:\WINDOWS\system32\svchost.exe[1244] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007E0FEF
    .text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 02470014
    .text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 02470F8D
    .text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02470F72
    .text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 0247002F
    .text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 02470FEF
    .text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02470FC3
    .text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02470FA8
    .text C:\WINDOWS\System32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02470FD4
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02480000
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 02480FE5
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 02480011
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 02480FCA
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 024800AE
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 024800E4
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 024800F5
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 02480110
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02480F77
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02480F5C
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02480FB9
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02480F9E
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0248005B
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 02480040
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02480078
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02480093
    .text C:\WINDOWS\System32\svchost.exe[1300] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 024800C9
    .text C:\WINDOWS\System32\svchost.exe[1300] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02460022
    .text C:\WINDOWS\System32\svchost.exe[1300] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02460000
    .text C:\WINDOWS\System32\svchost.exe[1300] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02460033
    .text C:\WINDOWS\System32\svchost.exe[1300] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02460011
    .text C:\WINDOWS\System32\svchost.exe[1300] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02460058
    .text C:\WINDOWS\System32\svchost.exe[1300] msvcrt.dll!system 77C293C7 5 Bytes JMP 02460FCD
    .text C:\WINDOWS\System32\svchost.exe[1300] WININET.dll!InternetOpenA 771C57BE 5 Bytes JMP 01F50000
    .text C:\WINDOWS\System32\svchost.exe[1300] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes JMP 01F5001B
    .text C:\WINDOWS\System32\svchost.exe[1300] WININET.dll!InternetOpenUrlW 771D5C0F 5 Bytes JMP 01F5002C
    .text C:\WINDOWS\System32\svchost.exe[1300] WININET.dll!InternetOpenW 771BAF6D 5 Bytes JMP 01F50FEF
    .text C:\WINDOWS\System32\svchost.exe[1300] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01F40000
    .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 007D0FA5
    .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 007D0022
    .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007D0F65
    .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 007D0F8A
    .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [9D, 88]
    .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 007D0FE5
    .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007D0000
    .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007D0011
    .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007D0FD4
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007E0FEF
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007E000A
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 007E0FCA
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 007E001B
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 007E0098
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007E00C6
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007E0F2D
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007E0F08
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007E00A9
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007E0F63
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007E0040
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007E0051
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 007E0062
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 007E0FB9
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007E007D
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007E0F88
    .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007E0F52
    .text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007C0038
    .text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007C0000
    .text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007C0FE3
    .text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007C0011
    .text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007C005D
    .text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!system 77C293C7 5 Bytes JMP 007C0FC8
    .text C:\WINDOWS\system32\svchost.exe[1364] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007B0000
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00950FCD
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 0095006F
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00950FB2
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 00950054
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 00950000
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0095002F
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00950FDE
    .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00950FEF
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00960FEF
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00960000
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00960FD4
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00960FAF
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 0096006C
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009600BD
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00960F2E
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00960F13
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00960087
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00960F3F
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00960F9E
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00960F7C
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0096002F
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00960F8D
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00960040
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0096005B
    .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 009600A2
    .text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0094000C
    .text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00940FE3
    .text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00940027
    .text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00940FD2
    .text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00940053
    .text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!system 77C293C7 5 Bytes JMP 00940038
    .text C:\WINDOWS\system32\svchost.exe[1596] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00930FEF
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 00700058
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 00700069
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00700084
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 00700FC7
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [90, 88]
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 0070000A
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00700036
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00700047
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0070001B
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00710000
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00710011
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00710FDB
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00710FB6
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 0071009A
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00710F43
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00710F1E
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00710F03
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007100B7
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00710F65
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0071002C
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00710047
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00710062
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00710FA5
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0071007F
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00710F80
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00710F54
    .text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006F0000
    .text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006F0FE3
    .text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006F001B
    .text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006F0FD2
    .text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006F0047
    .text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!system 77C293C7 5 Bytes JMP 006F002C
    .text C:\WINDOWS\system32\svchost.exe[1640] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006E0FE5
    .text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 007C0FC3
    .text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 007C0F8D
    .text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 007C0040
    .text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 007C0F9E
    .text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [9C, 88]
     
  6. 2010/09/04
    Beavet

    .text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 007C0000
    .text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 007C0FEF
    .text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 007C0FDE
    .text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 007C0025
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007D0FEF
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007D000A
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 007D001B
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 007D002C
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 007D0F74
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007D0F3B
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007D0F20
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007D00D4
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007D00A1
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007D00B2
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007D0FC0
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007D0FA5
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 007D0058
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 007D0047
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007D0069
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007D0084
    .text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007D00C3
    .text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007B0FCD
    .text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007B0FEF
    .text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007B0FB2
    .text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007B0FDE
    .text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007B0FA1
    .text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!system 77C293C7 5 Bytes JMP 007B002C
    .text C:\WINDOWS\system32\svchost.exe[1996] WININET.dll!InternetOpenA 771C57BE 5 Bytes JMP 007A0FE5
    .text C:\WINDOWS\system32\svchost.exe[1996] WININET.dll!InternetOpenUrlA 771C5A8A 5 Bytes JMP 007A0027
    .text C:\WINDOWS\system32\svchost.exe[1996] WININET.dll!InternetOpenUrlW 771D5C0F 5 Bytes JMP 007A0FD4
    .text C:\WINDOWS\system32\svchost.exe[1996] WININET.dll!InternetOpenW 771BAF6D 5 Bytes JMP 007A0000
    .text C:\WINDOWS\system32\svchost.exe[1996] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00790000
    .text C:\WINDOWS\system32\wuauclt.exe[2816] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 024E0076
    .text C:\WINDOWS\system32\wuauclt.exe[2816] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 024E0FE5
    .text C:\WINDOWS\system32\wuauclt.exe[2816] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 024E0098
    .text C:\WINDOWS\system32\wuauclt.exe[2816] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 5 Bytes JMP 024E0087
    .text C:\WINDOWS\system32\wuauclt.exe[2816] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 024E0000
    .text C:\WINDOWS\system32\wuauclt.exe[2816] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 024E0040
    .text C:\WINDOWS\system32\wuauclt.exe[2816] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 024E005B
    .text C:\WINDOWS\system32\wuauclt.exe[2816] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 024E001B
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 024F0FEF
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 024F0FDE
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 024F0014
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 024F0FC3
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 024F0071
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 024F0F1A
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 024F00B3
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 024F00C4
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 024F0F46
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 024F008E
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 024F002F
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 024F0F97
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 024F004A
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 024F0FA8
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 024F0F7C
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 024F0F57
    .text C:\WINDOWS\system32\wuauclt.exe[2816] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 024F0F2B
    .text C:\WINDOWS\system32\wuauclt.exe[2816] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 024D0000
    .text C:\WINDOWS\system32\wuauclt.exe[2816] msvcrt.dll!_open 77C2F566 5 Bytes JMP 024D0FEF
    .text C:\WINDOWS\system32\wuauclt.exe[2816] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 024D0011
    .text C:\WINDOWS\system32\wuauclt.exe[2816] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 024D0FC6
    .text C:\WINDOWS\system32\wuauclt.exe[2816] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 024D002C
    .text C:\WINDOWS\system32\wuauclt.exe[2816] msvcrt.dll!system 77C293C7 5 Bytes JMP 024D0F97
    .text C:\WINDOWS\system32\wuauclt.exe[2816] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 024C0000
    .text C:\WINDOWS\system32\wuauclt.exe[3232] ADVAPI32.dll!RegCreateKeyA 77DFBCDB 5 Bytes JMP 002A000A
    .text C:\WINDOWS\system32\wuauclt.exe[3232] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 5 Bytes JMP 002A0025
    .text C:\WINDOWS\system32\wuauclt.exe[3232] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0040
    .text C:\WINDOWS\system32\wuauclt.exe[3232] ADVAPI32.dll!RegCreateKeyW 77DFBA3D 2 Bytes JMP 002A0F83
    .text C:\WINDOWS\system32\wuauclt.exe[3232] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA40 2 Bytes [4A, 88]
    .text C:\WINDOWS\system32\wuauclt.exe[3232] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 5 Bytes JMP 002A0FEF
    .text C:\WINDOWS\system32\wuauclt.exe[3232] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FB9
    .text C:\WINDOWS\system32\wuauclt.exe[3232] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0F9E
    .text C:\WINDOWS\system32\wuauclt.exe[3232] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FCA
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0000
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001B001B
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001B0FEF
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001B0040
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001B0076
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0091
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0EEE
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001B0EDD
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F4B
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F2E
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FCA
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B005B
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0F9E
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001B0FB9
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0F77
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0F66
    .text C:\WINDOWS\system32\wuauclt.exe[3232] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001B0F13
    .text C:\WINDOWS\system32\wuauclt.exe[3232] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290022
    .text C:\WINDOWS\system32\wuauclt.exe[3232] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290000
    .text C:\WINDOWS\system32\wuauclt.exe[3232] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0029003D
    .text C:\WINDOWS\system32\wuauclt.exe[3232] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290011
    .text C:\WINDOWS\system32\wuauclt.exe[3232] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290062
    .text C:\WINDOWS\system32\wuauclt.exe[3232] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290FCD

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntoskrnl.exe!NtCreateFile 8057426F 5 Bytes JMP A9F4578E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtMapViewOfSection 805818BD 7 Bytes JMP A9F457CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenProcess 8057C987 5 Bytes JMP A9F45714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtOpenThread 8059AEDA 5 Bytes JMP A9F45728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!NtSetInformationProcess 80574FD7 5 Bytes JMP A9F45766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateKey 80578902 5 Bytes JMP A9F45825 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcess 805B4088 5 Bytes JMP A9F4573C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058C938 7 Bytes JMP A9F45750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteKey 8059F887 7 Bytes JMP A9F45839 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwDeleteValueKey 8059E4A6 7 Bytes JMP A9F45865 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwEnumerateKey 80579A7E 7 Bytes JMP A9F458D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwEnumerateValueKey 8058B132 7 Bytes JMP A9F458BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwNotifyChangeKey 8059ABF8 5 Bytes JMP A9F458FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwOpenKey 80572A3B 5 Bytes JMP A9F45811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057C5B8 7 Bytes JMP A9F457A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryKey 8057967E 7 Bytes JMP A9F4593B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 806556AD 7 Bytes JMP A9F458A7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwQueryValueKey 80572DAD 7 Bytes JMP A9F45891 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRenameKey 80655AF3 7 Bytes JMP A9F4584F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwReplaceKey 80655FE6 5 Bytes JMP A9F45927 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwRestoreKey 80654AF6 5 Bytes JMP A9F45913 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetContextThread 8063571B 5 Bytes JMP A9F4577A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwSetValueKey 8057D4EE 7 Bytes JMP A9F4587B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess 8058F7FD 5 Bytes JMP A9F457FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnloadKey 80654DCB 7 Bytes JMP A9F458E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80581445 5 Bytes JMP A9F457E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    .text ntoskrnl.exe!ZwYieldExecution 80509094 7 Bytes JMP A9F457B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  7. 2010/09/04
    Beavet

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 148):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF8A43000 \WINDOWS\system32\KDCOM.DLL
    0xF8953000 \WINDOWS\system32\BOOTVID.dll
    0xF84F4000 ACPI.sys
    0xF8A45000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF84E3000 pci.sys
    0xF8543000 isapnp.sys
    0xF8553000 ohci1394.sys
    0xF8563000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF8957000 compbatt.sys
    0xF895B000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF8B0B000 pciide.sys
    0xF87C3000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF84C5000 pcmcia.sys
    0xF8573000 MountMgr.sys
    0xF84A6000 ftdisk.sys
    0xF8A47000 dmload.sys
    0xF8480000 dmio.sys
    0xF895F000 ACPIEC.sys
    0xF8B0C000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF87CB000 PartMgr.sys
    0xF8583000 VolSnap.sys
    0xF8468000 atapi.sys
    0xF8593000 disk.sys
    0xF85A3000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF8449000 fltMgr.sys
    0xF8437000 sr.sys
    0xF87D3000 PxHelp20.sys
    0xF8420000 KSecDD.sys
    0xF8393000 Ntfs.sys
    0xF8366000 NDIS.sys
    0xF834B000 Mup.sys
    0xF85B3000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF85D3000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF89E7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF81E6000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF81D2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF81AD000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF8199000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xF7FF8000 \SystemRoot\system32\DRIVERS\NETw3x32.sys
    0xF8813000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF7FD5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF881B000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF85E3000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
    0xF7FC2000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xF7FAF000 \SystemRoot\system32\DRIVERS\ESM7SK.sys
    0xF85F3000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
    0xF8603000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF882B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7F80000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF8A51000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF883B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF89F7000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    0xF8613000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF884B000 \SystemRoot\system32\drivers\iviaspi.sys
    0xF8A03000 \SystemRoot\system32\drivers\pfc.sys
    0xF8623000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF8633000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7F5D000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF8C68000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF86E3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF8A27000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF7F1E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF86F3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF8703000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF88F3000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF7F0D000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF8713000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF8903000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF8913000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7EDC000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF8723000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF8A57000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF7EA8000 \SystemRoot\system32\DRIVERS\update.sys
    0xF831F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF8317000 \SystemRoot\system32\DRIVERS\tbiosdrv.sys
    0xF8A59000 \SystemRoot\system32\DRIVERS\NBSMI.sys
    0xF8733000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xAA36D000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xAA34B000 \SystemRoot\system32\drivers\portcls.sys
    0xF8753000 \SystemRoot\system32\drivers\drmk.sys
    0xF8763000 \SystemRoot\system32\DRIVERS\Tvs.sys
    0xF892B000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
    0xF893B000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
    0xF8773000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
    0xAA230000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF894B000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF8793000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF8A65000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8B4E000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8A69000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF8853000 \SystemRoot\System32\drivers\vga.sys
    0xF8A6D000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8A71000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xAA1A7000 \SystemRoot\System32\Drivers\meiudf.sys
    0xAA196000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xF886B000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF8873000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF8A1F000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAA183000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAA12B000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAA104000 \SystemRoot\System32\Drivers\Mpfp.sys
    0xAA0E3000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF87A3000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF87B3000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
    0xF85C3000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xAA0BB000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAA099000 \SystemRoot\System32\drivers\afd.sys
    0xF8643000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA9FCE000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9F5F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA9F2C000 \SystemRoot\system32\drivers\mfehidk.sys
    0xF8653000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF86A3000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA9EEC000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8A7F000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAA218000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF88DB000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8C11000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF021000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF043000 \SystemRoot\System32\ialmdev5.DLL
    0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA9D93000 \SystemRoot\system32\DRIVERS\tdudf.sys
    0xF890B000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xA9DC8000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xA9D83000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA9D7B000 \SystemRoot\system32\DRIVERS\netdevio.sys
    0xA9B0E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF8AE3000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xA99DD000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA98BE000 \SystemRoot\system32\DRIVERS\srv.sys
    0xF888B000 \SystemRoot\system32\drivers\mfebopk.sys
    0xA90B4000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xA922E000 \SystemRoot\system32\drivers\mfesmfk.sys
    0xA904F000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA96E6000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF8A95000 \SystemRoot\system32\drivers\splitter.sys
    0xA902C000 \SystemRoot\system32\drivers\aec.sys
    0xA95EE000 \SystemRoot\system32\drivers\swmidi.sys
    0xA9406000 \SystemRoot\system32\drivers\DMusic.sys
    0xA8F62000 \SystemRoot\system32\drivers\kmixer.sys
    0xF8BCA000 \SystemRoot\system32\drivers\drmkaud.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 67):
    0 System Idle Process
    4 System
    832 C:\WINDOWS\system32\smss.exe
    888 csrss.exe
    916 C:\WINDOWS\system32\winlogon.exe
    960 C:\WINDOWS\system32\services.exe
    972 C:\WINDOWS\system32\lsass.exe
    1132 C:\WINDOWS\system32\svchost.exe
    1236 svchost.exe
    1296 C:\WINDOWS\system32\svchost.exe
    1368 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1424 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1592 svchost.exe
    1628 svchost.exe
    1916 C:\WINDOWS\system32\spoolsv.exe
    1992 svchost.exe
    2024 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    124 C:\WINDOWS\system32\DVDRAMSV.exe
    164 C:\WINDOWS\ehome\ehrecvr.exe
    224 C:\WINDOWS\ehome\ehSched.exe
    404 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    516 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    860 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    1576 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    1700 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    1812 C:\Program Files\McAfee\MPF\MpfSrv.exe
    228 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    680 svchost.exe
    772 C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    1320 C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    1384 C:\WINDOWS\system32\TODDSrv.exe
    1488 mcrdsvc.exe
    2996 C:\WINDOWS\system32\dllhost.exe
    3272 alg.exe
    1340 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    1736 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    2596 C:\WINDOWS\explorer.exe
    2988 C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
    3024 C:\WINDOWS\system32\wuauclt.exe
    3104 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    3140 C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
    3300 C:\WINDOWS\system32\ctfmon.exe
    2164 C:\WINDOWS\RTHDCPL.exe
    2848 C:\WINDOWS\system32\igfxtray.exe
    3388 wmiprvse.exe
    3396 C:\WINDOWS\system32\hkcmd.exe
    3420 C:\WINDOWS\system32\igfxpers.exe
    3444 C:\WINDOWS\ehome\ehtray.exe
    3528 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3576 C:\Program Files\ltmoh\ltmoh.exe
    3588 C:\WINDOWS\ehome\ehmsas.exe
    2408 C:\WINDOWS\agrsmmsg.exe
    192 C:\Program Files\Synaptics\SynTP\Toshiba.exe
    3536 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    3904 C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    2912 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    3116 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    2000 C:\TOSHIBA\IVP\ISM\pinger.exe
    4056 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    2368 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    1120 C:\Program Files\QuickTime\qttask.exe
    2492 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    1532 C:\WINDOWS\system32\RAMASST.exe
    3364 C:\WINDOWS\system32\TPSBattM.exe
    3168 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    252 C:\Program Files\Internet Explorer\IEXPLORE.EXE
    3468 C:\Documents and Settings\BEEE\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK8032GSX, Rev: AS111G

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: 31D100779DE502702C374F7C15687B56FCFD5528


    Done!
     
  8. 2010/09/04
    broni

    broni Moderator Malware Analyst

    All looks clean, so far....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/09/04
    Beavet

    To download Combofix, do I disable the antivirus, or should that be done later... there are some messages of trojans in my antivirus when I try to download it...
     
  10. 2010/09/04
    broni

    Yeah, McAfee is known for disliking Combofix (they'll never learn, will they?)
    Disable it before downloading.
     
  11. 2010/09/05
    Beavet

    OK, here is the log

    ComboFix 10-09-04.06 - BEEE 09/05/2010 10:34:23.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.170 [GMT -7:00]
    Running from: c:\documents and settings\BEEE\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
    .

    2010-09-04 19:16 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-04 19:16 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-04 19:16 . 2010-09-04 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-17 02:08 . 2010-08-17 02:08 -------- d-----w- c:\program files\Trend Micro
    2010-08-13 23:04 . 2010-08-13 23:04 -------- d-----w- c:\windows\Sun
    2010-08-09 21:35 . 2010-08-09 21:42 -------- d-----w- c:\documents and settings\Fely\Application Data\GanymedeNet
    2010-08-09 21:35 . 2010-08-09 21:35 -------- d-----w- c:\program files\Ganymede
    2010-08-08 12:32 . 2004-08-04 06:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2010-08-08 12:32 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-17 04:41 . 2010-06-10 18:45 -------- d-----w- c:\documents and settings\BEEE\Application Data\Skype
    2010-08-17 03:37 . 2010-06-10 18:45 -------- d-----w- c:\documents and settings\BEEE\Application Data\skypePM
    2010-07-25 11:54 . 2006-07-20 01:54 -------- d-----w- c:\program files\McAfee
    2010-07-15 22:18 . 2010-06-10 18:55 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2010-06-14 14:30 . 2006-07-19 02:35 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-11 02:54 . 2010-06-11 02:54 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-06-10 18:45 . 2010-06-10 18:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-08-13_12.37.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-07-19 02:40 . 2010-09-05 17:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-07-19 02:40 . 2010-08-13 09:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-08-13 22:04 . 2010-09-05 17:32 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2006-07-19 02:40 . 2010-08-13 09:03 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "= "c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CFSServ.exe "= "CFSServ.exe -NoClient" [X]
    "THotkey "= "c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
    "SkyTel "= "SkyTel.EXE" [2006-05-16 2879488]
    "NDSTray.exe "= "NDSTray.exe" [BU]
    "DDWMon "= "c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
    "RTHDCPL "= "RTHDCPL.EXE" [2006-08-23 16050688]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
    "LtMoh "= "c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
    "AGRSMMSG "= "AGRSMMSG.exe" [2006-03-18 89541]
    "TPSMain "= "TPSMain.exe" [2005-06-01 282624]
    "PadTouch "= "c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
    "TFncKy "= "TFncKy.exe" [BU]
    "Tvs "= "c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
    "SmoothView "= "c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
    "Pinger "= "c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
    "IntelZeroConfig "= "c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 700416]
    "MSKDetectorExe "= "c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2006-07-20 98304]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-19 155648]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe "=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe "= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/10/2010 11:59 AM 93320]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 11:50 AM 98816]
    S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-10 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-10 19:22]

    2010-06-10 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-06-10 19:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-05 10:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    Completion time: 2010-09-05 10:45:44
    ComboFix-quarantined-files.txt 2010-09-05 17:45

    Pre-Run: 69,056,962,560 bytes free
    Post-Run: 69,267,050,496 bytes free

    - - End Of File - - 7A82D01A4CCC890EEEBD65E344277619
     
  12. 2010/09/05
    broni

    broni Moderator Malware Analyst

    Nothing here, either...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2010/09/06
    Beavet

    Beavet Inactive Thread Starter

    I'm glad all looks clean...
    EXTRAS:

    OTL Extras logfile created on: 9/6/2010 1:28:02 AM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\BEEE\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 71.00 Mb Available Physical Memory | 14.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 43.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.23 Gb Total Space | 64.52 Gb Free Space | 86.93% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BEE
    Current User Name: BEEE
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
    "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
    "{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
    "{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
    "{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}" = Toshiba Media Center Game Console
    "{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "Desktop Dialer" = Desktop Dialer
    "GameDesire-Poker" = GameDesire-Poker
    "InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSC" = McAfee SecurityCenter
    "Picasa2" = Picasa 2
    "Power Saver" = TOSHIBA Power Saver
    "ProInst" = Intel(R) PROSet/Wireless Software
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealPlayer Basic
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Game Console" = TOSHIBA Game Console
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WIC" = Windows Imaging Component
    "WildTangent CDA" = WildTangent Web Driver
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "WT004723" = Blasterball 2 Revolution
    "WT004829" = Polar Golfer
    "WT006066" = FATE
    "WT006448" = Blackhawk Striker 2
    "WT006527" = Polar Bowler
    "WT009503" = Penguins!
    "WT009952" = Chuzzle Deluxe
    "WT009953" = Mah Jong Quest
    "WT009954" = SCRABBLE
    "WT010043" = Bejeweled 2 Deluxe

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/16/2010 10:06:26 PM | Computer Name = BEE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 8/16/2010 10:06:26 PM | Computer Name = BEE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 8/16/2010 10:06:27 PM | Computer Name = BEE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 8/16/2010 10:06:27 PM | Computer Name = BEE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 8/16/2010 10:06:27 PM | Computer Name = BEE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 8/16/2010 10:06:27 PM | Computer Name = BEE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 9/3/2010 3:54:28 PM | Computer Name = BEE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 9/3/2010 3:54:28 PM | Computer Name = BEE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 9/5/2010 1:42:29 PM | Computer Name = BEE | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
    module unknown, version 0.0.0.0, fault address 0x715b9d8b.

    Error - 9/5/2010 1:44:53 PM | Computer Name = BEE | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
    module unknown, version 0.0.0.0, fault address 0x715b9d8b.

    [ System Events ]
    Error - 8/13/2010 10:28:15 PM | Computer Name = BEE | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 8/13/2010 10:28:22 PM | Computer Name = BEE | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 8/13/2010 10:28:29 PM | Computer Name = BEE | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 8/13/2010 10:28:36 PM | Computer Name = BEE | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 8/13/2010 10:28:43 PM | Computer Name = BEE | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 8/13/2010 10:28:50 PM | Computer Name = BEE | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 8/13/2010 10:28:56 PM | Computer Name = BEE | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 8/13/2010 10:29:03 PM | Computer Name = BEE | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 8/13/2010 10:29:04 PM | Computer Name = BEE | Source = DCOM | ID = 10010
    Description = The server {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0} did not register
    with DCOM within the required timeout.

    Error - 8/16/2010 10:10:19 PM | Computer Name = BEE | Source = BROWSER | ID = 8032
    Description = The browser service has failed to retrieve the backup list too many
    times on transport \Device\NetBT_Tcpip_{410D8AD4-45F6-4169-B64D-4BA6586147A6}. The
    backup browser is stopping.


    < End of report >
     
  14. 2010/09/06
    Beavet

    Beavet Inactive Thread Starter

    OTL:

    OTL logfile created on: 9/6/2010 1:28:02 AM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\BEEE\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 71.00 Mb Available Physical Memory | 14.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 43.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.23 Gb Total Space | 64.52 Gb Free Space | 86.93% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BEE
    Current User Name: BEEE
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/06 01:27:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BEEE\Desktop\OTL.exe
    PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2006/08/02 16:52:46 | 000,364,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
    PRC - [2006/07/03 01:07:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2006/07/03 00:57:04 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2006/07/02 21:57:12 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2006/07/02 21:50:32 | 000,700,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2006/07/02 21:49:10 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2006/07/02 21:42:14 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
    PRC - [2006/04/25 17:57:00 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
    PRC - [2006/03/16 13:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2006/03/02 15:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
    PRC - [2006/02/07 16:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2006/02/02 12:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    PRC - [2005/12/16 02:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
    PRC - [2005/12/05 22:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    PRC - [2005/05/31 20:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2005/04/26 16:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2005/01/17 16:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/30 00:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2004/08/28 00:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
    PRC - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
    PRC - [2004/08/10 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/10/20 09:37:58 | 000,475,136 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\Ivpsvmgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/06 01:27:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BEEE\Desktop\OTL.exe
    MOD - [2004/08/10 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    MOD - [2004/08/10 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/02/24 13:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/02/17 16:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2006/07/02 21:57:12 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2006/07/02 21:49:10 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2006/07/02 21:42:14 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
    SRV - [2006/02/07 16:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
    SRV - [2005/07/12 17:14:42 | 000,040,960 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2005/01/17 16:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SYSPREP\PEDrv.sys -- (SVRPEDRV)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\BEEE\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2006/08/25 16:33:50 | 000,061,824 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
    DRV - [2006/08/23 20:37:50 | 004,374,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/08/22 10:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
    DRV - [2006/07/19 19:40:20 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2006/07/13 10:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
    DRV - [2006/07/02 23:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2006/07/02 05:00:46 | 001,706,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
    DRV - [2006/06/28 16:25:06 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2006/06/28 11:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
    DRV - [2006/05/30 16:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
    DRV - [2006/05/05 03:12:54 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2006/03/18 07:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/03/02 18:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/03/02 15:46:54 | 000,191,968 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/10/20 14:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
    DRV - [2005/09/09 14:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2005/08/24 15:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
    DRV - [2005/06/02 03:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/09/10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/18 04:27:06 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O4 - HKLM..\Run: [CFSServ.exe] File not found
    O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
    O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TFncKy] File not found
    O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.42.230.24 62.42.63.52
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\BEEE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\BEEE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/07/18 19:37:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56590081070202880)

    ========== Files/Folders - Created Within 90 Days ==========

    File not found -- C:\Documents and Settings\BEEE\Desktop\ComboFix.exe
    [2010/09/06 01:25:01 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BEEE\Desktop\OTL.exe
    [2010/09/04 12:16:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/04 12:16:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/04 12:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/04 12:13:45 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\BEEE\Desktop\mbam-setup-1.46.exe
    [2010/08/16 19:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/08/13 16:04:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/08/13 16:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\Sun
    [2010/08/13 05:29:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/13 05:27:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/13 05:27:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/13 05:27:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/13 05:27:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/13 05:27:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/13 05:24:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/09 14:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ganymede
    [2010/07/18 06:07:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/06/29 01:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Local Settings\Application Data\WMTools Downloaded Files
    [2010/06/29 01:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\U3
    [2010/06/18 03:12:31 | 000,000,000 | ---D | C] -- C:\5154ac26efa10cbcfcb2
    [2010/06/18 03:10:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2010/06/18 03:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2010/06/18 03:09:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
    [2010/06/18 03:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2010/06/18 03:08:52 | 000,000,000 | ---D | C] -- C:\363691587e5e9fd39b24f83527b370
    [2010/06/18 03:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
    [2010/06/18 02:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\AdobeUM
    [2010/06/17 09:57:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
    [2010/06/13 10:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\Malwarebytes
    [2010/06/13 10:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/06/12 20:56:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/06/12 20:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/06/12 17:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Local Settings\Application Data\Identities
    [2010/06/12 13:27:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\BEEE\UserData
    [2010/06/12 05:15:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2010/06/11 10:30:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2010/06/10 21:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2010/06/10 21:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Desktop\TOSH
    [2010/06/10 20:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\McAfee.com Personal Firewall
    [2010/06/10 19:57:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\BEEE\Application Data\Microsoft
    [2010/06/10 19:57:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\BEEE\Cookies
    [2010/06/10 19:57:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BEEE\SendTo
    [2010/06/10 19:57:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BEEE\Recent
    [2010/06/10 19:57:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BEEE\Application Data
    [2010/06/10 19:57:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BEEE\Start Menu
    [2010/06/10 19:57:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BEEE\My Documents\My Videos
    [2010/06/10 19:57:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BEEE\My Documents\My Pictures
    [2010/06/10 19:57:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BEEE\My Documents\My Music
    [2010/06/10 19:57:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BEEE\My Documents
    [2010/06/10 19:57:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BEEE\Favorites
    [2010/06/10 19:57:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\BEEE\Templates
    [2010/06/10 19:57:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\BEEE\PrintHood
    [2010/06/10 19:57:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\BEEE\NetHood
    [2010/06/10 19:57:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\BEEE\Local Settings
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\You've Got Pictures Screensaver
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Local Settings\Application Data\Yahoo
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\WINDOWS
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Local Settings\Application Data\Wildtangent
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\toshiba
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\My Documents\My Google Gadgets
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Local Settings\Application Data\Microsoft
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\Intel
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\Identities
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Local Settings\Application Data\Google
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Desktop
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Local Settings\Application Data\ApplicationHistory
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\AOL
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Local Settings\Application Data\Adobe
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\Adobe
    [2010/06/10 19:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
    [2010/06/10 19:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
    [2010/06/10 19:53:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2010/06/10 19:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
    [2010/06/10 19:37:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/06/10 11:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    [2010/06/10 11:56:02 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
    [2010/06/10 11:56:01 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2010/06/10 11:56:01 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2010/06/10 11:55:56 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
    [2010/06/10 11:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2010/06/10 11:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2010/06/10 11:52:43 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
    [2010/06/10 11:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\skypePM
    [2010/06/10 11:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\Skype
    [2010/06/10 11:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/06/10 11:44:39 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/06/10 11:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2010/06/10 11:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BEEE\Application Data\Macromedia
    [2010/06/10 11:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
    [2006/07/19 15:49:10 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/09/06 01:27:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BEEE\Desktop\OTL.exe
    [2010/09/06 01:26:23 | 000,008,129 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/09/05 10:45:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/05 10:42:18 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/04 15:38:03 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\BEEE\Desktop\MBRCheck.exe
    [2010/09/04 15:25:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/04 15:25:04 | 526,438,400 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/04 12:54:38 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\BEEE\NTUSER.DAT
    [2010/09/04 12:45:15 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\BEEE\Desktop\exe.exe
    [2010/09/04 12:16:29 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/04 12:13:45 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\BEEE\Desktop\mbam-setup-1.46.exe
    [2010/09/03 13:05:30 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\BEEE\Desktop\dds.scr
    [2010/09/03 13:00:48 | 000,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver
    [2010/09/03 12:52:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/16 21:41:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\BEEE\ntuser.ini
    [2010/08/16 21:29:48 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/08/16 19:20:53 | 004,306,938 | -H-- | M] () -- C:\Documents and Settings\BEEE\Local Settings\Application Data\IconCache.db
    [2010/08/13 05:29:34 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/07/18 03:11:14 | 000,504,314 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/18 03:11:14 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/18 03:11:14 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
    [2010/06/29 01:48:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/29 01:42:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ToDisc.INI
    [2010/06/18 03:14:41 | 000,161,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/11 20:55:23 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\BEEE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/06/10 20:11:20 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/10 20:10:54 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
    [2010/06/10 19:59:02 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\BEEE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/06/10 19:58:53 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\BEEE\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2010/06/10 19:56:09 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/06/10 19:55:14 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2010/06/10 19:53:44 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2010/06/10 19:48:06 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/06/10 19:45:29 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
    [2010/06/10 19:45:24 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
    [2010/06/10 11:55:39 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
    [2010/06/10 11:55:36 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/06/10 11:45:38 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/06/10 11:31:52 | 000,046,784 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF

    ========== Files Created - No Company Name ==========

    [2010/09/04 15:37:40 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\BEEE\Desktop\MBRCheck.exe
    [2010/09/04 12:44:45 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\BEEE\Desktop\exe.exe
    [2010/09/04 12:16:28 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/03 13:04:56 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\BEEE\Desktop\dds.scr
    [2010/08/13 05:29:34 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2010/08/13 05:29:29 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/13 05:27:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/13 05:27:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/13 05:27:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/13 05:27:25 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/13 05:27:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/07/18 11:30:29 | 526,438,400 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/01 04:54:58 | 000,002,838 | ---- | C] () -- C:\WINDOWS\machine.ver
    [2010/06/29 01:42:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
    [2010/06/10 20:10:54 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2010/06/10 19:58:10 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\BEEE\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2010/06/10 19:58:10 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\BEEE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/06/10 19:58:10 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\BEEE\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/06/10 19:58:09 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\BEEE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/06/10 19:58:09 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\BEEE\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/06/10 19:58:05 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\BEEE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/10 19:58:05 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\BEEE\Local Settings\Application Data\fusioncache.dat
    [2010/06/10 19:57:32 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\BEEE\ntuser.dat.LOG
    [2010/06/10 19:57:32 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\BEEE\ntuser.ini
    [2010/06/10 19:57:31 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\BEEE\NTUSER.DAT
    [2010/06/10 19:55:14 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2010/06/10 19:55:14 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    [2010/06/10 19:48:06 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/06/10 19:45:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2010/06/10 12:00:18 | 000,008,129 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
    [2010/06/10 11:55:38 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
    [2010/06/10 11:55:36 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/06/10 11:45:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/06/10 11:44:41 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2006/08/31 14:27:28 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2006/08/11 14:33:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/08/11 14:33:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/08/11 14:33:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/08/11 14:33:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/08/11 14:33:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/08/11 14:33:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/07/19 17:51:22 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
    [2006/07/19 17:51:22 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
    [2006/07/19 16:18:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2006/07/19 16:02:31 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
    [2006/07/19 16:01:55 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2006/07/19 16:01:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2006/07/19 16:01:55 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2006/07/19 16:01:55 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2006/07/19 15:49:10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
    [2006/07/18 19:44:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/07/18 19:32:30 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/07/18 17:52:17 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/07/18 17:48:33 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2006/07/18 17:48:33 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2006/07/18 17:48:33 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2006/07/18 17:48:33 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2006/07/18 17:48:33 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
    [2006/07/18 17:47:49 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2005/09/02 14:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2005/08/24 15:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
    [2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/07/22 21:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2004/07/20 17:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/01/15 14:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2006/07/19 19:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/07/19 16:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2010/06/10 20:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2006/07/19 16:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEEE\Application Data\toshiba
    [2010/06/10 11:55:39 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
    [2010/06/10 11:55:36 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/07/18 19:37:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/06/10 19:53:44 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2010/08/13 05:29:34 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/09/05 10:45:49 | 000,009,138 | ---- | M] () -- C:\ComboFix.txt
    [2006/07/18 19:37:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/04/24 16:02:46 | 000,219,780 | ---- | M] () -- C:\EULA.pdf
    [2010/09/04 15:25:04 | 526,438,400 | -HS- | M] () -- C:\hiberfil.sys
    [2006/07/18 19:37:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/07/19 19:41:40 | 000,001,206 | -H-- | M] () -- C:\IPH.PH
    [2006/07/18 19:37:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/10 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/09/04 15:25:03 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2005/07/25 21:20:27 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
    [2010/04/16 08:20:18 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2010/04/16 08:20:18 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/07/18 12:27:17 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/07/18 12:27:17 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/07/18 12:27:17 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2005/03/02 11:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2004/08/10 05:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2004/08/10 05:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     
  15. 2010/09/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer would definitely benefit from adding another 512MB of RAM.

    =================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [CFSServ.exe] File not found
      O4 - HKLM..\Run: [NDSTray.exe] File not found
      O4 - HKLM..\Run: [TFncKy] File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      [2006/07/19 19:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
       "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  16. 2010/09/06
    Beavet

    Beavet Inactive Thread Starter

    Joined:
    2010/06/10
    Messages:
    33
    Likes Received:
    0
    Thank you, so most of the problem with the computer being slow is the RAM...

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TFncKy deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: BEEE
    ->Temp folder emptied: 9940449 bytes
    ->Temporary Internet Files folder emptied: 5015736 bytes
    ->Java cache emptied: 223849 bytes
    ->Flash cache emptied: 689 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Fely
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 456 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: BEEE
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Fely
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 09062010_124203

    Files\Folders moved on Reboot...
    C:\Documents and Settings\BEEE\Local Settings\Temp\~DFEA67.tmp moved successfully.
    C:\Documents and Settings\BEEE\Local Settings\Temporary Internet Files\Content.IE5\GNUY6GI7\CA324ZND.com moved successfully.
    C:\Documents and Settings\BEEE\Local Settings\Temporary Internet Files\Content.IE5\GNUY6GI7\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\BEEE\Local Settings\Temporary Internet Files\Content.IE5\0723M56V\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.

    Registry entries deleted on Reboot...
     
  17. 2010/09/06
    Beavet

    Beavet Inactive Thread Starter

    Joined:
    2010/06/10
    Messages:
    33
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    McAfee SecurityCenter
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player
    Adobe Reader 7.0
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee VIRUSS~1 mcshield.exe
    McAfee VIRUSS~1 mcsysmon.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  18. 2010/09/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We're not done here yet, but by now, your computer should be pretty much clean, so adding some more RAM would definitely help.
     
  19. 2010/09/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    When we're done with Kaspersky, we'll make sure to install SP3 and update IE to at least version 7.

    Also...

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
     
  20. 2010/09/07
    Beavet

    Beavet Inactive Thread Starter

    Joined:
    2010/06/10
    Messages:
    33
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, September 7, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Monday, September 06, 2010 18:13:25
    Records in database: 4199491
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Objects scanned: 57801
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 02:19:11

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
  21. 2010/09/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including SP3 and at least ver. 7 of IE).

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
