
Solved Computer acting up

Discussion in 'Malware and Virus Removal Archive' started by Fredx, 2010/10/17.

  1. 2010/10/28
    Fredx

    Fredx Inactive Thread Starter

    Joined: 2010/10/15 | Messages: 45 | Likes Received: 0
    I've been on vacation and haven't used my computer in about 5 days. But Firefox is still acting up. It's still crashing.

    Someone in my family could have possibly used my computer because it was turned on when I got home. They might have given me a virus again.

    This stinks :(
     
  2. 2010/10/28
    Fredx

    Fredx Inactive Thread Starter

    Also, my virus scan won't stay on again. It's off right now.
     


  4. 2010/10/28
    broni

    broni Moderator Malware Analyst

    Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116
    I suggest you set up a password so nobody but you can use your computer.
    Otherwise, we'll run in circles.

    We need to re-run some scans.

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop.

    Double click MBRCheck.exe to run it (Vista and Windows 7 users: right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/10/29
    Fredx

    Fredx Inactive Thread Starter

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4862

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/29/2010 2:48:39 AM
    mbam-log-2010-10-29 (02-48-39).txt

    Scan type: Quick scan
    Objects scanned: 146813
    Time elapsed: 8 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. 2010/10/29
    Fredx

    Fredx Inactive Thread Starter

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-29 04:00:30
    Windows 5.1.2600 Service Pack 3
    Running: 2rv2sbuu[1].exe; Driver: C:\DOCUME~1\Freddie\LOCALS~1\Temp\aftirkob.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF743E090]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF743E0A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF743E0D0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF743E126]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF743E07C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF743E054]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF743E068]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF743E0BA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF743E0FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF743E0E6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF743E150]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF743E13C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF743E110]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0015000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150025
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270000
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270090
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00270075
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270064
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270047
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00270FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F74
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002700BC
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00270F37
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F48
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700F5
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270036
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FDB
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002700AB
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270011
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00270F63
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360039
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360076
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360065
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0036000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00360FCD
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [56, 88]
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0036004A
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370064
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370049
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0037002E
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FD9
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370011
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01AD000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01AD001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01AD0FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01AD0FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[704] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01E40FE5
    .text C:\Program Files\Mozilla Firefox\firefox.exe[788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\WINDOWS\Explorer.EXE[820] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DE0FEF
    .text C:\WINDOWS\Explorer.EXE[820] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DE0FC3
    .text C:\WINDOWS\Explorer.EXE[820] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DE0FDE
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DD0FEF
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DD0F57
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DD0F72
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DD004C
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DD0F8D
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DD0FAF
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DD0F2B
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DD0073
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DD0EEE
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DD0EFF
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DD0EDD
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DD0F9E
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DD000A
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DD0F46
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DD0FC0
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DD001B
    .text C:\WINDOWS\Explorer.EXE[820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DD0F1A
    .text C:\WINDOWS\Explorer.EXE[820] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01120022
    .text C:\WINDOWS\Explorer.EXE[820] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0112007A
    .text C:\WINDOWS\Explorer.EXE[820] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01120011
    .text C:\WINDOWS\Explorer.EXE[820] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01120000
    .text C:\WINDOWS\Explorer.EXE[820] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0112005F
    .text C:\WINDOWS\Explorer.EXE[820] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01120FE5
    .text C:\WINDOWS\Explorer.EXE[820] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0112004E
    .text C:\WINDOWS\Explorer.EXE[820] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0112003D
    .text C:\WINDOWS\Explorer.EXE[820] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E10FA1
    .text C:\WINDOWS\Explorer.EXE[820] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E1002C
    .text C:\WINDOWS\Explorer.EXE[820] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E10FCD
    .text C:\WINDOWS\Explorer.EXE[820] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E10FEF
    .text C:\WINDOWS\Explorer.EXE[820] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E10FBC
    .text C:\WINDOWS\Explorer.EXE[820] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E10FDE
    .text C:\WINDOWS\Explorer.EXE[820] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00DF0000
    .text C:\WINDOWS\Explorer.EXE[820] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00DF0FE5
    .text C:\WINDOWS\Explorer.EXE[820] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00DF0FC0
    .text C:\WINDOWS\Explorer.EXE[820] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00DF0FAF
    .text C:\WINDOWS\Explorer.EXE[820] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E00000
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F80FE5
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F80FC3
    .text C:\WINDOWS\System32\svchost.exe[1060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F80FD4
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70FEF
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70FA8
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70FB9
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70FD4
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70091
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F70065
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F700D5
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F700B8
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F70F57
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F700F0
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F70F46
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70076
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F70014
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70F8D
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70040
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F7002F
    .text C:\WINDOWS\System32\svchost.exe[1060] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70F72
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F6001E
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F60F9E
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60FCD
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60FDE
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F6005B
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60FEF
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F60040
    .text C:\WINDOWS\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F6002F
    .text C:\WINDOWS\System32\svchost.exe[1060] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FA004C
    .text C:\WINDOWS\System32\svchost.exe[1060] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FA0FC1
    .text C:\WINDOWS\System32\svchost.exe[1060] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FA001D
    .text C:\WINDOWS\System32\svchost.exe[1060] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FA0000
    .text C:\WINDOWS\System32\svchost.exe[1060] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FA0FD2
    .text C:\WINDOWS\System32\svchost.exe[1060] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FA0FE3
    .text C:\WINDOWS\System32\svchost.exe[1060] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F90000
    ? C:\WINDOWS\system32\F0163970683\explorer.exe[1208] number of sections mismatch; time/date stamp mismatch;
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 013B000A
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 013B0025
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 013B0FE5
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013A0FE5
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 013A0F5E
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 013A0F79
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 013A0053
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 013A002C
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 013A0000
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 013A009A
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 013A0089
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013A0F30
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 013A00C9
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 013A00E4
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 013A0011
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 013A0FCA
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 013A0078
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 013A0F94
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 013A0FAF
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 013A0F41
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 013E0069
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] msvcrt.dll!system 77C293C7 5 Bytes JMP 013E0058
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 013E0022
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] msvcrt.dll!_open 77C2F566 5 Bytes JMP 013E0FEF
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 013E0033
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 013E0FDE
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 013F0040
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 013F0F94
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 013F0025
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 013F0FEF
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 013F0051
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 013F0000
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 013F0FAF
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [5F, 89]
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 013F0FCA
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] WS2_32.dll!socket 71AB4211 5 Bytes JMP 013D0000
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 013C0000
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 013C0FDB
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 013C0FC0
    .text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 013C0FA5
    .text C:\WINDOWS\system32\services.exe[1432] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0005000A
    .text C:\WINDOWS\system32\services.exe[1432] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00050025
    .text C:\WINDOWS\system32\services.exe[1432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00050FEF
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00040FEF
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00040F63
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040058
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040F7E
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040047
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0004001B
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00040F37
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00040F48
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00040F0B
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000400A4
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00040EFA
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0004002C
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00040FD4
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00040073
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00040FB9
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0004000A
    .text C:\WINDOWS\system32\services.exe[1432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00040F26
    .text C:\WINDOWS\system32\services.exe[1432] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009C0022
    .text C:\WINDOWS\system32\services.exe[1432] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009C0F9B
    .text C:\WINDOWS\system32\services.exe[1432] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009C0011
    .text C:\WINDOWS\system32\services.exe[1432] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009C0FDB
    .text C:\WINDOWS\system32\services.exe[1432] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009C0FAC
    .text C:\WINDOWS\system32\services.exe[1432] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009C0000
    .text C:\WINDOWS\system32\services.exe[1432] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009C004E
    .text C:\WINDOWS\system32\services.exe[1432] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009C0033
    .text C:\WINDOWS\system32\services.exe[1432] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070FB2
    .text C:\WINDOWS\system32\services.exe[1432] msvcrt.dll!system 77C293C7 5 Bytes JMP 0007003D
    .text C:\WINDOWS\system32\services.exe[1432] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0007001B
    .text C:\WINDOWS\system32\services.exe[1432] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070000
    .text C:\WINDOWS\system32\services.exe[1432] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0007002C
    .text C:\WINDOWS\system32\services.exe[1432] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070FE3
    .text C:\WINDOWS\system32\services.exe[1432] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060000
    .text C:\WINDOWS\system32\lsass.exe[1444] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F90000
    .text C:\WINDOWS\system32\lsass.exe[1444] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F9001B
    .text C:\WINDOWS\system32\lsass.exe[1444] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F90FE5
    .text C:\WINDOWS\system32\lsass.exe[1444] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F8000A
    .text C:\WINDOWS\system32\lsass.exe[1444] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80F73
    .text C:\WINDOWS\system32\lsass.exe[1444] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F8005E
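The GMER "User code sections" listing above is long and repetitive, so here is an added triage helper (not from the thread, and not part of GMER) that parses lines in that format, groups hooks per process, and flags what a reviewer should look at first: hooks whose JMP target GMER did not attribute to a loaded module, GMER's own "number of sections mismatch" warnings, and a well-known binary name running from an unexpected directory. The sample lines are constructed in the same format as the log; the expected location of explorer.exe is an assumption for Windows XP.

```python
import re

# Regex for a ".text <image>[pid] <module>!<func> <addr> <n> Bytes JMP <target> [<owner> (<desc>)]" line.
# The trailing owner path is only present when GMER could map the JMP target to a loaded module.
HOOK_RE = re.compile(
    r"^\.text (?P<image>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^! ]+)!(?P<func>\S+(?: \+ \d+)?) "
    r"(?P<addr>[0-9A-F]{8}) (?P<nbytes>\d+) Bytes "
    r"(?:JMP (?P<target>[0-9A-F]{8})|\[(?P<raw>[^\]]*)\])"
    r"(?: (?P<owner>\S.*?) \((?P<desc>[^()]*)\))?$"
)
# Regex for GMER's "? <image>[pid] <note>" PE-header warning lines.
MISMATCH_RE = re.compile(r"^\? (?P<image>.+?)\[(?P<pid>\d+)\] (?P<note>.+)$")

# Assumption for Windows XP: explorer.exe normally lives directly in the Windows directory.
EXPECTED_DIR = {"explorer.exe": r"c:\windows"}

# Constructed sample lines in GMER 1.0.15 format (a short excerpt-style sample, not the full log).
SAMPLE_LOG = "\n".join([
    r"---- User code sections - GMER 1.0.15 ----",
    r"",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[704] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0015000A",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[704] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)",
    r".text C:\Program Files\Mozilla Firefox\firefox.exe[788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)",
    r"? C:\WINDOWS\system32\F0163970683\explorer.exe[1208] number of sections mismatch; time/date stamp mismatch;",
    r".text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013A0F30",
    r".text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 013F0FAF",
    r".text C:\WINDOWS\system32\F0163970683\explorer.exe[1208] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [5F, 89]",
])


def parse_user_code_sections(text):
    """Parse GMER 'User code sections' lines into dict records; other lines are ignored."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = HOOK_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["kind"] = "hook"
            rec["pid"] = int(rec["pid"])
            rec["nbytes"] = int(rec["nbytes"])
            records.append(rec)
            continue
        m = MISMATCH_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["kind"] = "warning"
            rec["pid"] = int(rec["pid"])
            rec["note"] = rec["note"].rstrip("; ")
            records.append(rec)
    return records


def triage(records):
    """Group records per process and list review items. This is a triage aid, not a verdict:
    legitimate security software also hooks these APIs, so every flag needs a human look."""
    procs = {}
    for rec in records:
        key = f"{rec['image']}[{rec['pid']}]"
        p = procs.setdefault(key, {"image": rec["image"], "pid": rec["pid"],
                                    "attributed": 0, "unattributed": 0,
                                    "hooked_apis": set(), "warnings": [], "flags": []})
        if rec["kind"] == "warning":
            p["warnings"].append(rec["note"])
        elif rec["target"] is not None:
            # A raw-bytes entry ("[5F, 89]") is the tail of a split JMP, not a separate hook.
            if rec["owner"]:
                p["attributed"] += 1
            else:
                p["unattributed"] += 1
                p["hooked_apis"].add(f"{rec['module']}!{rec['func']}")
    for p in procs.values():
        image = p["image"].lower()
        parent, _, name = image.rpartition("\\")
        if name in EXPECTED_DIR and parent != EXPECTED_DIR[name]:
            p["flags"].append(f"{name} running from unexpected directory {parent}")
        if p["warnings"]:
            p["flags"].append("GMER reports PE header mismatch: " + "; ".join(p["warnings"]))
        if p["unattributed"]:
            p["flags"].append(f"{p['unattributed']} hook(s) jump to memory not attributed to a loaded module")
        p["hooked_apis"] = sorted(p["hooked_apis"])
    return procs


def summarize(text):
    """Parse and triage a GMER user code sections listing in one call."""
    return triage(parse_user_code_sections(text))


if __name__ == "__main__":
    for key, p in summarize(SAMPLE_LOG).items():
        print(f"{key}: attributed={p['attributed']} unattributed={p['unattributed']}")
        for flag in p["flags"]:
            print("   !", flag)
        if p["hooked_apis"]:
            print("     unattributed hooks on:", ", ".join(p["hooked_apis"]))
```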
     
  7. 2010/10/29
    Fredx

    Fredx Inactive Thread Starter

  8. 2010/10/29
    Fredx

    .text C:\WINDOWS\System32\svchost.exe[3532] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D20FA6
    .text C:\WINDOWS\System32\svchost.exe[3532] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D20FC1
    .text C:\WINDOWS\System32\svchost.exe[3532] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D20FEF
    .text C:\WINDOWS\System32\svchost.exe[3532] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D20016
    .text C:\WINDOWS\System32\svchost.exe[3532] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D20FD2
    .text C:\WINDOWS\System32\svchost.exe[3532] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D10000
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3936] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[704] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!CompareStringA] 33000015
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!ExitProcess] 7D8BC033
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!FindResourceA] 0FFB3B08
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!GetACP] C33BC095
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!GetCommandLineA] 93E81C75
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!GetModuleHandleA] C7FFFFFF
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!GetOEMCP] 00001600
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!GetPrivateProfileStringA] 53535300
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!GetStartupInfoA] 53E85353
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!GetSystemTime] 83000015
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!GetSystemTimeAsFileTime] C03314C4
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!GetTimeFormatA] C03379EB
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!MultiByteToWideChar] C0950FF3
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 1E38C033
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!Sleep] 3BC0950F
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!TlsFree] E8CB74C3
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!VirtualAlloc] 00003D64
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!VirtualFree] 3B084589
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!lstrcmpA] E80D75C3
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!lstrcmpiA] FFFFFF52
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [KERNEL32.dll!lstrlenA] 001800C7
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [msvcrt.dll!_snwprintf] 0875FF0C
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [msvcrt.dll!printf] FFFF2AE8
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [msvcrt.dll!fwprintf] 0CC483FF
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [msvcrt.dll!exit] FF8BC35D
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [msvcrt.dll!__set_app_type] 83EC8B55
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [msvcrt.dll!__p__commode] 4D8B10EC
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [msvcrt.dll!__getmainargs] 5D8B5308
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [msvcrt.dll!wcslen] 3357560C
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [version.dll!GetFileVersionInfoSizeA] 2910C483
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [version.dll!VerQueryValueA] 7D8BFC7D
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [version.dll!GetFileVersionInfoA] 0095E9F0
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [userenv.dll!GetProfilesDirectoryW] FF36FF57
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [userenv.dll!GetAppliedGPOListW] 75FFFC75
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [userenv.dll!FreeGPOListW] 467EE8F8
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [userenv.dll!ExpandEnvironmentStringsForUserW] 7E290000
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [userenv.dll!UnregisterGPNotification] 013E0104
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!RtlLeaveCriticalSection] 39FC5D89
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!RtlNtStatusToDosError] 2174107D
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!RtlInitUnicodeString] 74147D39
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!NtEnumerateValueKey] 75CF3B1C
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!NtCreateSection] FEB0E81F
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!NtCreateEvent] 5757FFFF
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!LdrLoadDll] 00C75757
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!RtlInitString] 00000016
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!RtlFreeUnicodeString] 1470E857
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!RtlExpandEnvironmentStrings_U] C4830000
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!RtlEnterCriticalSection] 5FC03314
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!RtlCreateTagHeap] C3C95B5E
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!NtSetValueKey] 3B18758B
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!NtSetInformationProcess] 830D74F7
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!NtQueryDefaultLocale] D233FFC8
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [ntdll.dll!NtSetEvent] 391075F7
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!PrintDlgW] 41B17468
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!PageSetupDlgW] 3E69E800
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!PageSetupDlgA] C4830000
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!LoadAlterBitmap] 50A3EB0C
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!GetSaveFileNameW] 561075FF
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!GetSaveFileNameA] 3A55E857
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!GetOpenFileNameW] C4830000
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!GetOpenFileNameA] E4458910
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!GetFileTitleW] FEFC45C7
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!GetFileTitleA] E8FFFFFF
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!FindTextW] 00000009
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!FindTextA] E8E4458B
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!CommDlgExtendedError] 0000153C
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!ChooseFontW] 0875FFC3
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!ChooseFontA] 000F39E8
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!ChooseColorW] 8BC35900
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comdlg32.dll!ChooseColorA] EC8B55FF
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comctl32.dll!InitCommonControlsEx] 38FC5D89
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comctl32.dll!ImageList_ReplaceIcon] E820751F
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comctl32.dll!ImageList_GetIconSize] FFFFFF3E
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comctl32.dll!ImageList_Draw] 001600C7
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [comctl32.dll!ImageList_AddMasked] FE6A0000
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [winmm.dll!midiOutReset] 836872F4
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [winmm.dll!midiStreamOut] 7400F47D
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [winmm.dll!mixerGetDevCapsW] FFFFB91F
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [winmm.dll!mixerGetControlDetailsA] D2337FFF
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [winmm.dll!midiOutGetNumDevs] 0976D93B
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [winmm.dll!mixerGetLineControlsW] 75F7C18B
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [winmm.dll!mixerSetControlDetails] EBC18BF4
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [winmm.dll!mmDrvInstall] F7C38B07
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [winmm.dll!mmGetCurrentTask] C38BF475
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [winmm.dll!mmTaskBlock] 0BEBC22B
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [winmm.dll!midiOutOpen] FFFFFFB8
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [winmm.dll!midiOutShortMsg] 77D83B7F
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oleaut32.dll!RevokeActiveObject] 74FFFB83
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oleaut32.dll!OleTranslateColor] 5157530B
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oleaut32.dll!OleLoadPicture] 00477EE8
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oleaut32.dll!OleIconToCursor] 0CC48300
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oleaut32.dll!ClearCustData] B974F73B
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oleaut32.dll!SafeArrayAllocData] 33FFC883
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oleaut32.dll!SafeArrayCreate] 1075F7D2
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oleaut32.dll!SysReAllocString] [77144539] C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oleaut32.dll!SysStringLen] 107D8BAC
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oleaut32.dll!VarBstrCat] 147DAF0F
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oleaut32.dll!VarBstrCmp] 0C0C46F7
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oleaut32.dll!RegisterTypeLib] 89000001
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIBusyA] 468B0874
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIAddVerbMenuA] F4458918
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIBusyW] 45C707EB
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUICanConvertOrActivateAs] 001000F4
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIUpdateLinksA] 0FFF8500
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIInsertObjectW] 0000EA84
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIInsertObjectA] 0C46F700
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIEditLinksW] 0000010C
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIEditLinksA] 468B4474
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIConvertW] 74C08504
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIChangeSourceW] 358C0F3D
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIChangeSourceA] 8B000001
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIChangeIconW] 72D83BFB
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIAddVerbMenuW] 3BF88B02
    IAT C:\WINDOWS\system32\F0163970683\explorer.exe[1208] @ C:\WINDOWS\system32\F0163970683\explorer.exe [oledlg.dll!OleUIChangeIconA] 870FFC7D
    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1832] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407750] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077B0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  9. 2010/10/29
    Fredx

    Fredx Inactive Thread Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000001fc

    Kernel Drivers (total 134):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF7607000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF798B000 dmload.sys
    0xF74B2000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF749A000 atapi.sys
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF747A000 fltmgr.sys
    0xF7468000 sr.sys
    0xF740B000 mfehidk.sys
    0xF7880000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF7853000 NDIS.sys
    0xF7839000 Mup.sys
    0xBA5D2000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xB961F000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
    0xB960B000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xB95D5000 \SystemRoot\System32\DRIVERS\b57xp32.sys
    0xF77D7000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xB95B1000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF77DF000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xB94E8000 \SystemRoot\System32\DRIVERS\wn311b.sys
    0xB9452000 \SystemRoot\system32\drivers\smwdm.sys
    0xB942E000 \SystemRoot\system32\drivers\portcls.sys
    0xBA5C2000 \SystemRoot\system32\drivers\drmk.sys
    0xB940B000 \SystemRoot\system32\drivers\ks.sys
    0xF79B1000 \SystemRoot\system32\drivers\aeaudio.sys
    0xB93F7000 \SystemRoot\System32\DRIVERS\parport.sys
    0xBA5B2000 \SystemRoot\System32\DRIVERS\serial.sys
    0xBA7E8000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xBA5A2000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xBA592000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF77E7000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
    0xBA582000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xB96F2000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xB93E3000 \SystemRoot\system32\DRIVERS\mfendisk.sys
    0xF7667000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xBA7D8000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xB93CC000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF7677000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF7687000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF77EF000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xB93BB000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF7697000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xB9397000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xB9324000 \SystemRoot\system32\drivers\mfefirek.sys
    0xF77F7000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF77FF000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xB92F4000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF76A7000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7807000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF780F000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF79B5000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xB926E000 \SystemRoot\System32\DRIVERS\update.sys
    0xBA626000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF76D7000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF76F7000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF79B7000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF79B9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7A6A000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79BB000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF774F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7757000 \SystemRoot\System32\drivers\vga.sys
    0xF79BD000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79BF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF775F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7767000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA7F0000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xB10BE000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xB1065000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xB103F000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xB102C000 \SystemRoot\system32\drivers\mfetdi2k.sys
    0xB1004000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF7577000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xB0FD8000 \SystemRoot\System32\drivers\afd.sys
    0xF7567000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xB0F85000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xB9383000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
    0xB0F15000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF7537000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF776F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB0C65000 \SystemRoot\System32\Drivers\RTS5121.sys
    0xF7517000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB9377000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xF7777000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xF777F000 \SystemRoot\System32\DRIVERS\HPZius12.sys
    0xB9373000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7507000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF74F7000 \SystemRoot\System32\DRIVERS\HPZid412.sys
    0xF7787000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0xF7657000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xB0B22000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xB92E0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB92DC000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xF778F000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0xB92D8000 \SystemRoot\System32\DRIVERS\HPZipr12.sys
    0xB0B0A000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79C5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB1167000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7797000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7ABE000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF049000 \SystemRoot\System32\ati2cqag.dll
    0xBF083000 \SystemRoot\System32\ati3duag.dll
    0xBF257000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAFA02000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xAF785000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAF8B2000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF79E7000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF7A74000 \SystemRoot\System32\Drivers\LBeepKE.sys
    0xAF24F000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAEBCB000 \SystemRoot\System32\Drivers\HTTP.sys
    0xAE9BB000 \SystemRoot\system32\drivers\cfwids.sys
    0xF79F5000 \SystemRoot\system32\DRIVERS\psi_mf.sys
    0xAE7E2000 \SystemRoot\system32\drivers\mfeapfk.sys
    0xAEA43000 \SystemRoot\system32\drivers\mfebopk.sys
    0xADEE7000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xADD65000 \??\C:\DOCUME~1\Freddie\LOCALS~1\Temp\aftirkob.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 49):
    0 System Idle Process
    4 System
    1288 C:\WINDOWS\system32\smss.exe
    1364 csrss.exe
    1388 C:\WINDOWS\system32\winlogon.exe
    1432 C:\WINDOWS\system32\services.exe
    1444 C:\WINDOWS\system32\lsass.exe
    1596 C:\WINDOWS\system32\ati2evxx.exe
    1612 C:\WINDOWS\system32\svchost.exe
    1704 svchost.exe
    1744 C:\WINDOWS\system32\svchost.exe
    1896 svchost.exe
    492 C:\WINDOWS\system32\spoolsv.exe
    820 C:\WINDOWS\explorer.exe
    968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    1108 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    1128 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1176 C:\Program Files\iTunes\iTunesHelper.exe
    1136 C:\WINDOWS\system32\ctfmon.exe
    1208 C:\WINDOWS\system32\F0163970683\explorer.exe
    1244 C:\Program Files\Secunia\PSI\psi.exe
    636 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    692 C:\Program Files\Bonjour\mDNSResponder.exe
    1020 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    1184 C:\Program Files\Java\jre6\bin\jqs.exe
    1848 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    1960 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    1832 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    612 C:\Program Files\Sony Icon\SonyIcon.exe
    888 C:\WINDOWS\system32\SonyIEx.exe
    1008 C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    1060 C:\WINDOWS\system32\svchost.exe
    112 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    128 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    3080 C:\Program Files\iPod\bin\iPodService.exe
    3532 svchost.exe
    3552 C:\WINDOWS\system32\wscntfy.exe
    3648 alg.exe
    600 C:\DOCUME~1\Freddie\LOCALS~1\temp\xxxwrp010yyzz\bin\javaw.exe
    1808 C:\Program Files\Internet Explorer\iexplore.exe
    3888 C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    1080 C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
    1480 C:\Program Files\McAfee.com\Agent\mcagent.exe
    788 C:\Program Files\Mozilla Firefox\firefox.exe
    3936 C:\Program Files\Mozilla Firefox\plugin-container.exe
    716 C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    3972 C:\Program Files\Internet Explorer\iexplore.exe
    3808 C:\Program Files\Internet Explorer\iexplore.exe
    1884 C:\Documents and Settings\Freddie\Local Settings\Temporary Internet Files\Content.IE5\GD864E52\MBRCheck[1].exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800JD-75HKA1, Rev: 14.03G14

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  10. 2010/10/29
    broni

    broni Moderator Malware Analyst

    All looks good, so far...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2010/10/30
    Fredx

    Fredx Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    45
    Likes Received:
    0
    ComboFix 10-10-28.09 - Freddie 10/30/2010 1:51.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1814 [GMT -4:00]
    Running from: c:\documents and settings\Freddie\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2010-10-20 05:14 . 2010-10-20 05:14 -------- d-----w- c:\documents and settings\Freddie\LimeWire
    2010-10-20 05:03 . 2010-10-20 05:03 -------- d-----w- c:\documents and settings\Freddie\Local Settings\Application Data\WMTools Downloaded Files
    2010-10-20 04:43 . 2010-10-20 04:43 -------- d-----w- c:\windows\system32\F0163970683
    2010-10-20 04:42 . 2010-10-20 04:42 476160 --sh--w- c:\windows\system32\authsvc.dll
    2010-10-20 03:25 . 2010-10-20 03:25 -------- d-----w- c:\program files\Google
    2010-10-20 03:10 . 2010-10-20 03:10 -------- d-----w- c:\program files\iPod
    2010-10-20 00:33 . 2010-10-20 00:34 -------- d-----w- c:\program files\Common Files\Adobe
    2010-10-20 00:12 . 2010-10-20 00:12 -------- d-----w- c:\program files\Apple Software Update
    2010-10-20 00:07 . 2010-10-20 00:07 -------- d-----w- c:\program files\Bonjour
    2010-10-19 23:57 . 2010-10-19 23:57 -------- d-----w- c:\program files\Secunia
    2010-10-19 05:08 . 2010-10-19 05:08 -------- d-----w- c:\program files\ESET
    2010-10-18 23:19 . 2010-10-18 23:19 -------- d-----w- c:\documents and settings\Administrator
    2010-10-18 16:53 . 2010-10-18 16:55 -------- dc-h--w- c:\windows\ie8
    2010-10-17 18:38 . 2010-10-17 18:38 -------- d-----w- c:\documents and settings\Freddie\Application Data\Malwarebytes
    2010-10-17 18:38 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 18:38 . 2010-10-17 18:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-17 18:38 . 2010-10-17 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-17 18:38 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-16 02:50 . 2010-10-16 02:50 -------- d-----w- c:\program files\SIW
    2010-10-15 00:59 . 2010-10-15 00:59 -------- d-----w- c:\program files\Market Samurai
    2010-10-13 21:23 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 21:23 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 21:23 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-11 03:11 . 2010-10-11 03:11 -------- d-----w- c:\documents and settings\Freddie\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    2010-10-05 18:40 . 2010-10-05 18:40 -------- d-----w- c:\documents and settings\Freddie\Local Settings\Application Data\Yahoo!

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 16:23 . 2003-07-16 16:28 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2003-07-16 16:28 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2003-07-16 16:28 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2003-07-16 16:28 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 08:50 . 2010-06-17 01:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 06:29 . 2010-06-17 01:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2003-07-16 16:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2003-07-16 16:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51 . 2003-07-16 16:18 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2003-07-16 16:45 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2003-07-16 16:41 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2003-07-16 16:40 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2003-07-16 16:40 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-11-08 10:38 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-24 18:57 . 2010-04-24 17:27 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-08-24 18:57 . 2010-04-24 17:27 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-08-24 18:57 . 2010-04-24 17:27 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-08-24 18:57 . 2010-04-24 17:27 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-08-24 18:57 . 2010-04-24 17:27 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-08-24 18:57 . 2010-04-24 17:27 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-08-24 18:57 . 2010-04-24 17:27 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-08-24 18:57 . 2010-04-24 17:27 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-08-24 18:57 . 2010-04-24 17:27 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-08-24 18:57 . 2010-04-24 17:27 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-08-23 16:12 . 2003-07-16 16:19 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2005-06-10 23:55 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-03-06 02:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-11 17:59 . 2010-08-11 17:59 6184960 ----a-w- c:\windows\system32\rts5121icon.dll
    2010-08-11 17:59 . 2010-08-11 17:59 266240 ----a-w- c:\windows\system32\rts5121.dll
    2010-08-11 17:59 . 2010-08-11 17:59 157696 ----a-w- c:\windows\system32\drivers\RTS5121.sys
    2010-08-11 17:32 . 2004-04-29 23:55 213544 ----a-w- c:\windows\system32\drivers\b57xp32.sys
    2010-08-24 18:57 . 2010-05-19 07:18 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\Freddie\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
    "xwp"="c:\windows\system32\F0163970683\explorer.exe" [2010-10-20 115712]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

    c:\documents and settings\Freddie\Start Menu\Programs\Startup\
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-11-06 19:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
    backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Freddie^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Freddie\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AS00_WN311B]
    2008-09-17 22:17 3002368 ----a-w- c:\program files\NETGEAR\WN311B\Utility\WN311B.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-04-11 16:43 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2004-02-12 18:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
    "c:\\Documents and Settings\\Freddie\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/24/2010 1:27 PM 84072]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11/8/2009 3:35 PM 10384]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/6/2009 4:52 PM 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/24/2010 1:27 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/24/2010 1:27 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/24/2010 1:27 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/24/2010 1:27 PM 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/24/2010 1:27 PM 55840]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/24/2010 1:27 PM 312904]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/24/2010 1:27 PM 88544]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [8/11/2010 1:59 PM 157696]
    S2 0059841285614155mcinstcleanup;McAfee Application Installer Cleanup (0059841285614155); [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [11/6/2009 2:28 PM 16194]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/24/2010 1:27 PM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/24/2010 1:27 PM 84264]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 10:05 AM 14904]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    FF - ProfilePath - c:\documents and settings\Freddie\Application Data\Mozilla\Firefox\Profiles\gu59yxob.default\
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\Freddie\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 02:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1388)
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(3384)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-10-30 02:03:20
    ComboFix-quarantined-files.txt 2010-10-30 06:03

    Pre-Run: 49,896,603,648 bytes free
    Post-Run: 50,383,572,992 bytes free

    - - End Of File - - 838C738147287F97E2614DD787712EBC
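The log above is what the analyst reads before deciding what to remove: the `xwp` Run value launching an `explorer.exe` from a numeric folder under system32, the hidden+system `authsvc.dll` created a minute earlier, Security Center monitoring switched off for the McAfee products (which matches the "virus scan won't stay on" symptom), and the firewall policy disabled. As an added example that is not part of the thread or of ComboFix, here is a Python checker that applies those same readings to lines in ComboFix's "Files Created" and "Reg Loading Points" format; the sample log, the list of system binary names, the "6 digits in a folder name" heuristic and the 5-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the shape of ComboFix's "Files Created" and
# "Reg Loading Points" sections; the values are taken from the log above.
SAMPLE_LOG = r"""
2010-10-20 04:43 . 2010-10-20 04:43 -------- d-----w- c:\windows\system32\F0163970683
2010-10-20 04:42 . 2010-10-20 04:42 476160 --sh--w- c:\windows\system32\authsvc.dll
2010-10-17 18:38 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Freddie\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"xwp"="c:\windows\system32\F0163970683\explorer.exe" [2010-10-20 115712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# "created . modified size attrs path", as ComboFix prints a file record
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?:\d+|-+) ([-a-z]{8}) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"=value, optionally followed by ComboFix's [date size] annotation
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.*?)\s*(?:\[[^\]]*\])?$')

# Assumed list: names that legitimately live only under the Windows directories
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}
SYSTEM32 = "c:\\windows\\system32\\"


def parse(text):
    """Return ([(created, attrs, path)], [(key, name, value)]) from ComboFix text."""
    files, values, key = [], [], None
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            files.append((when, m.group(2), m.group(3).lower()))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # values that follow belong to this key
            continue
        m = VALUE_RE.match(line)
        if m and key:
            values.append((key, m.group("name"), m.group("val").strip('"')))
    return files, values


def looks_generated(component):
    """Assumed heuristic: 8+ characters with 6+ digits, like F0163970683."""
    return len(component) >= 8 and sum(c.isdigit() for c in component) >= 6


def review(text):
    """Apply the checks an analyst applies by eye; returns readable findings."""
    files, values = parse(text)
    created_at = {path: when for when, _attrs, path in files}
    findings, suspect_folders = [], []
    for key, name, val in values:
        k = key.lower()
        if k.endswith("\\run"):
            parts = val.lower().split("\\")
            folder, exe = "\\".join(parts[:-1]), parts[-1]
            reasons = []
            if exe in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
                reasons.append(f"{exe} started from {folder} rather than a Windows directory")
            if any(looks_generated(p) for p in parts[:-1]):
                reasons.append("path contains a generated-looking folder name")
            if reasons:
                suspect_folders.append(folder)
                findings.append(f"Run value '{name}': " + "; ".join(reasons))
        elif "\\security center\\monitoring\\" in k and name.lower() == "disablemonitoring":
            # Security Center stops watching that product, so its alerts go quiet
            if val.lower().startswith("dword:") and int(val[6:], 16) != 0:
                product = key.rsplit("\\", 1)[-1]
                findings.append(f"Security Center monitoring switched off for {product}")
        elif "firewallpolicy" in k and name.lower() == "enablefirewall" and val.startswith("0"):
            findings.append("Windows Firewall disabled for the standard profile")
    # Hidden+system files dropped into system32 around the time a suspect folder appeared
    suspect_times = [created_at[f] for f in suspect_folders if f in created_at]
    for when, attrs, path in files:
        if attrs[2] == "s" and attrs[3] == "h" and path.startswith(SYSTEM32):
            msg = f"Hidden system file {path} created {when:%Y-%m-%d %H:%M}"
            if any(abs(when - t) <= timedelta(minutes=5) for t in suspect_times):
                msg += ", within 5 minutes of a suspect Run target's folder"
            findings.append(msg)
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print("-", finding)
```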
     
  12. 2010/10/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\F0163970683\explorer.exe


    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "xwp"=-
    [-HKLM\~\startupfolder\C:^Documents and Settings^Freddie^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-



    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG: animation of dragging CFScript.txt onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  13. 2010/10/30
    Fredx

    Fredx Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    45
    Likes Received:
    0
    ComboFix 10-10-30.01 - Freddie 10/30/2010 14:36:50.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1769 [GMT -4:00]
    Running from: c:\documents and settings\Freddie\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Freddie\Desktop\CFScript.text
    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Created a new restore point

    FILE ::
    "c:\windows\system32\F0163970683\explorer.exe"
    .
    /wow section - STAGE 25
    '.d.a.1.a.3.f.f.' is not recognized as an internal or external command
    The system cannot find the path specified.
    The process cannot access the file because it is being used by another process.

    /wow section - STAGE 48
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.
    The process cannot access the file because it is being used by another process.

    /wow section - STAGE 50
    The process cannot access the file because it is being used by another process.


    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2010-10-20 05:14 . 2010-10-20 05:14 -------- d-----w- c:\documents and settings\Freddie\LimeWire
    2010-10-20 05:03 . 2010-10-20 05:03 -------- d-----w- c:\documents and settings\Freddie\Local Settings\Application Data\WMTools Downloaded Files
    2010-10-20 04:43 . 2010-10-20 04:43 -------- d-----w- c:\windows\system32\F0163970683
    2010-10-20 04:42 . 2010-10-20 04:42 476160 --sh--w- c:\windows\system32\authsvc.dll
    2010-10-20 03:25 . 2010-10-20 03:25 -------- d-----w- c:\program files\Google
    2010-10-20 03:10 . 2010-10-20 03:10 -------- d-----w- c:\program files\iPod
    2010-10-20 00:33 . 2010-10-20 00:34 -------- d-----w- c:\program files\Common Files\Adobe
    2010-10-20 00:12 . 2010-10-20 00:12 -------- d-----w- c:\program files\Apple Software Update
    2010-10-20 00:07 . 2010-10-20 00:07 -------- d-----w- c:\program files\Bonjour
    2010-10-19 23:57 . 2010-10-19 23:57 -------- d-----w- c:\program files\Secunia
    2010-10-19 05:08 . 2010-10-19 05:08 -------- d-----w- c:\program files\ESET
    2010-10-18 23:19 . 2010-10-18 23:19 -------- d-----w- c:\documents and settings\Administrator
    2010-10-18 16:53 . 2010-10-18 16:55 -------- dc-h--w- c:\windows\ie8
    2010-10-17 18:38 . 2010-10-17 18:38 -------- d-----w- c:\documents and settings\Freddie\Application Data\Malwarebytes
    2010-10-17 18:38 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 18:38 . 2010-10-17 18:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-17 18:38 . 2010-10-17 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-17 18:38 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-16 02:50 . 2010-10-16 02:50 -------- d-----w- c:\program files\SIW
    2010-10-15 00:59 . 2010-10-15 00:59 -------- d-----w- c:\program files\Market Samurai
    2010-10-13 21:23 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 21:23 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 21:23 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-11 03:11 . 2010-10-11 03:11 -------- d-----w- c:\documents and settings\Freddie\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    2010-10-05 18:40 . 2010-10-05 18:40 -------- d-----w- c:\documents and settings\Freddie\Local Settings\Application Data\Yahoo!

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 16:23 . 2003-07-16 16:28 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2003-07-16 16:28 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2003-07-16 16:28 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2003-07-16 16:28 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 08:50 . 2010-06-17 01:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 06:29 . 2010-06-17 01:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2003-07-16 16:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2003-07-16 16:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51 . 2003-07-16 16:18 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2003-07-16 16:45 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2003-07-16 16:41 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2003-07-16 16:40 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2003-07-16 16:40 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-11-08 10:38 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-24 18:57 . 2010-04-24 17:27 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-08-24 18:57 . 2010-04-24 17:27 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-08-24 18:57 . 2010-04-24 17:27 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-08-24 18:57 . 2010-04-24 17:27 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-08-24 18:57 . 2010-04-24 17:27 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-08-24 18:57 . 2010-04-24 17:27 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-08-24 18:57 . 2010-04-24 17:27 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-08-24 18:57 . 2010-04-24 17:27 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-08-24 18:57 . 2010-04-24 17:27 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-08-24 18:57 . 2010-04-24 17:27 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-08-23 16:12 . 2003-07-16 16:19 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2005-06-10 23:55 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-03-06 02:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-11 17:59 . 2010-08-11 17:59 6184960 ----a-w- c:\windows\system32\rts5121icon.dll
    2010-08-11 17:59 . 2010-08-11 17:59 266240 ----a-w- c:\windows\system32\rts5121.dll
    2010-08-11 17:59 . 2010-08-11 17:59 157696 ----a-w- c:\windows\system32\drivers\RTS5121.sys
    2010-08-11 17:32 . 2004-04-29 23:55 213544 ----a-w- c:\windows\system32\drivers\b57xp32.sys
    2010-08-24 18:57 . 2010-05-19 07:18 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-30_06.01.10 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-30 18:28 . 2010-10-30 18:28 16384 c:\windows\Temp\Perflib_Perfdata_714.dat
    - 2003-07-16 16:35 . 2010-10-30 05:48 86128 c:\windows\system32\perfc009.dat
    + 2003-07-16 16:35 . 2010-10-30 18:32 86128 c:\windows\system32\perfc009.dat
    + 2010-10-27 20:09 . 2010-10-30 12:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2010-10-27 20:09 . 2010-10-30 04:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-11-06 17:24 . 2010-10-30 12:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-11-06 17:24 . 2010-10-30 04:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-10-30 12:29 . 2010-10-30 12:29 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2003-07-16 16:35 . 2010-10-30 18:32 502044 c:\windows\system32\perfh009.dat
    - 2003-07-16 16:35 . 2010-10-30 05:48 502044 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader "= "c:\documents and settings\Freddie\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

    c:\documents and settings\Freddie\Start Menu\Programs\Startup\
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-11-06 19:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
    backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AS00_WN311B]
    2008-09-17 22:17 3002368 ----a-w- c:\program files\NETGEAR\WN311B\Utility\WN311B.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-04-11 16:43 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2004-02-12 18:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
    "c:\\Documents and Settings\\Freddie\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/24/2010 1:27 PM 84072]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11/8/2009 3:35 PM 10384]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/6/2009 4:52 PM 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/24/2010 1:27 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/24/2010 1:27 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/24/2010 1:27 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/24/2010 1:27 PM 141792]
    R2 SonyIcon_R;SonyIcon_R;c:\program files\Sony Icon\SonyIcon.exe [2/6/2010 2:28 AM 36864]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/24/2010 1:27 PM 55840]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/24/2010 1:27 PM 312904]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/24/2010 1:27 PM 88544]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [8/11/2010 1:59 PM 157696]
    S2 0059841285614155mcinstcleanup;McAfee Application Installer Cleanup (0059841285614155); [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 SonyIEx;SonyIEx;c:\windows\system32\SonyIEx.exe [11/6/2009 2:00 PM 126976]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [11/6/2009 2:28 PM 16194]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/24/2010 1:27 PM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/24/2010 1:27 PM 84264]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 10:05 AM 14904]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/16/2003 12:41 PM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    FF - ProfilePath - c:\documents and settings\Freddie\Application Data\Mozilla\Firefox\Profiles\gu59yxob.default\
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\Freddie\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 14:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1388)
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(3760)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-10-30 14:44:40
    ComboFix-quarantined-files.txt 2010-10-30 18:44
    ComboFix2.txt 2010-10-30 06:03

    Pre-Run: 50,107,834,368 bytes free
    Post-Run: 50,296,758,272 bytes free

    - - End Of File - - ECE21B19500952C858B0A02B798271F0
     
  14. 2010/10/30
    broni Moderator Malware Analyst
    Looks good :)

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. 2010/10/30
    Fredx Inactive Thread Starter
    It seems to be running fine. Firefox hasn't crashed on me yet. McAfee's real-time scanning keeps shutting off every time I turn it back on. Secunia PSI keeps telling me that Firefox 3.6.x is a category 5 threat. I've tried to solve it but keep getting an error. I haven't solved it since you've had me re-check my computer.

    OTL will be run after this post.
     
  16. 2010/10/30
    Fredx Inactive Thread Starter
    OTL Extras logfile created on: 10/30/2010 3:41:03 PM - Run 1
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Freddie\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 46.84 Gb Free Space | 62.87% Space Free | Partition Type: NTFS

    Computer Name: FREDDIE-Y95LV3U | User Name: Freddie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
    "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
    "C:\Documents and Settings\Freddie\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Freddie\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
    "{040508BD-8A7C-14CC-A7EA-FC291CCBDDDC}" = Market Samurai
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{1047106F-3AED-4661-B919-6D377BF641CF}" = RangeMax(tm) NEXT Wireless Adapter WN311B
    "{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
    "{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
    "{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
    "{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
    "{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C5C0C8D-EE74-4C4C-A098-9FF21055E6A9}" = Sony Icon
    "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
    "{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
    "{5EC5FAE4-498E-4408-B75F-EE272E9862A6}" = Sony Storage Tool for Windows XP Ver 1.03
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Sony Icon
    "{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
    "{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
    "{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
    "{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
    "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
    "{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
    "{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
    "{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
    "{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
    "{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
    "{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
    "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
    "{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
    "{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ESET Online Scanner" = ESET Online Scanner v3
    "GoToAssist" = GoToAssist 8.0.0.514
    "HP Photo & Imaging" = HP Image Zone 4.2
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MP3 Rocket" = MP3 Rocket
    "MSC" = McAfee AntiVirus Plus
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Secunia PSI" = Secunia PSI
    "TreeDiagram " = TreeDiagram
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ System Events ]
    Error - 10/28/2010 2:36:08 PM | Computer Name = FREDDIE-Y95LV3U | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\D.

    Error - 10/28/2010 2:36:10 PM | Computer Name = FREDDIE-Y95LV3U | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\D.

    Error - 10/28/2010 2:36:12 PM | Computer Name = FREDDIE-Y95LV3U | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk3\D.

    Error - 10/28/2010 2:42:40 PM | Computer Name = FREDDIE-Y95LV3U | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    JOAN-LT that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{28FB3AF4-7495-49F9-A. The master browser is stopping or an election
    is being forced.

    Error - 10/28/2010 3:54:36 PM | Computer Name = FREDDIE-Y95LV3U | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    JOAN-LT that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{28FB3AF4-7495-49F9-A. The master browser is stopping or an election
    is being forced.

    Error - 10/29/2010 1:04:11 AM | Computer Name = FREDDIE-Y95LV3U | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    JOAN-LT that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{28FB3AF4-7495-49F9-A. The master browser is stopping or an election
    is being forced.

    Error - 10/29/2010 2:28:08 AM | Computer Name = FREDDIE-Y95LV3U | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    JOAN-LT that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{28FB3AF4-7495-49F9-A. The master browser is stopping or an election
    is being forced.

    Error - 10/29/2010 2:52:30 AM | Computer Name = FREDDIE-Y95LV3U | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
    period.

    Error - 10/29/2010 9:56:01 AM | Computer Name = FREDDIE-Y95LV3U | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    JOAN-LT that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{28FB3AF4-7495-49F9-A. The master browser is stopping or an election
    is being forced.

    Error - 10/30/2010 1:51:01 AM | Computer Name = FREDDIE-Y95LV3U | Source = Service Control Manager | ID = 7034
    Description = The SonyIEx service terminated unexpectedly. It has done this 1 time(s).


    < End of report >
     
  17. 2010/10/30
    Fredx

    Fredx Inactive Thread Starter

    OTL logfile created on: 10/30/2010 3:41:03 PM - Run 1
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Freddie\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 46.84 Gb Free Space | 62.87% Space Free | Partition Type: NTFS

    Computer Name: FREDDIE-Y95LV3U | User Name: Freddie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/30 15:31:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Freddie\Desktop\OTL.exe
    PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/07/21 07:43:54 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
    PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/06/16 17:49:34 | 000,036,864 | ---- | M] () -- C:\Program Files\Sony Icon\SonyIcon.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/05/30 11:48:52 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\SonyIEx.exe
    PRC - [2003/08/28 15:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/30 15:31:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Freddie\Desktop\OTL.exe
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (0059841285614155mcinstcleanup) McAfee Application Installer Cleanup (0059841285614155)
    SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2009/11/06 15:29:53 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2009/06/16 17:49:34 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Icon\SonyIcon.exe -- (SonyIcon_R)
    SRV - [2005/05/30 11:48:52 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SonyIEx.exe -- (SonyIEx)
    SRV - [2003/08/28 15:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Freddie\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/08/11 13:59:55 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
    DRV - [2010/08/11 13:32:48 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2010/07/07 10:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2009/06/17 12:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2009/06/17 12:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/09/06 09:14:02 | 000,822,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wn311b.sys -- (BCM43XX)
    DRV - [2004/05/28 11:57:50 | 000,730,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2002/04/11 18:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
    DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/26 19:38:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 15:42:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 15:42:23 | 000,000,000 | ---D | M]

    [2010/10/20 00:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freddie\Application Data\Mozilla\Extensions
    [2010/10/30 13:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freddie\Application Data\Mozilla\Firefox\Profiles\gu59yxob.default\extensions
    [2010/10/29 13:58:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Freddie\Application Data\Mozilla\Firefox\Profiles\gu59yxob.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/30 13:12:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/16 21:08:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/09 23:32:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/19 00:34:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/10/18 21:43:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100927150148.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Freddie\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - Startup: C:\Documents and Settings\Freddie\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Freddie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Freddie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/11/06 13:20:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/30 15:31:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Freddie\Desktop\OTL.exe
    [2010/10/30 01:22:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/30 01:22:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/30 01:22:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/30 01:22:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/30 01:17:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/28 15:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Freddie\Desktop\Colorado
    [2010/10/20 01:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Freddie\LimeWire
    [2010/10/20 01:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Freddie\Local Settings\Application Data\WMTools Downloaded Files
    [2010/10/20 00:43:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\F0163970683
    [2010/10/20 00:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Freddie\Application Data\Google
    [2010/10/20 00:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
    [2010/10/19 23:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010/10/19 23:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/10/19 20:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/10/19 20:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/10/19 20:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/10/19 20:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/10/19 19:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
    [2010/10/19 01:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/10/19 01:00:46 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Freddie\Desktop\TFC.exe
    [2010/10/18 21:36:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/18 21:33:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/18 19:18:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/10/18 18:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/10/18 12:53:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/10/17 14:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Freddie\Application Data\Malwarebytes
    [2010/10/17 14:38:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/17 14:38:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/17 14:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/17 14:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/15 22:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
    [2010/10/14 20:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
    [2010/10/10 23:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Freddie\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2010/10/10 16:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Freddie\Desktop\Paul Tobey Webpage Webinar
    [2010/10/05 14:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Freddie\Local Settings\Application Data\Yahoo!
    [2004/08/25 11:22:08 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/10/30 17:44:19 | 000,085,504 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/30 15:41:41 | 000,502,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/30 15:41:41 | 000,086,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/30 15:38:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/30 15:37:36 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
    [2010/10/30 15:37:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/30 15:31:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Freddie\Desktop\OTL.exe
    [2010/10/30 14:32:31 | 005,553,208 | ---- | M] () -- C:\Documents and Settings\Freddie\library5.dat
    [2010/10/30 14:32:31 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\Freddie\mojito.props
    [2010/10/30 14:32:30 | 000,002,952 | ---- | M] () -- C:\Documents and Settings\Freddie\limewire.props
    [2010/10/30 14:32:10 | 003,896,496 | R--- | M] () -- C:\Documents and Settings\Freddie\Desktop\ComboFix.exe
    [2010/10/30 14:31:57 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Freddie\fileurns.cache
    [2010/10/30 13:46:43 | 000,705,789 | ---- | M] () -- C:\Documents and Settings\Freddie\createtimes.cache
    [2010/10/30 02:13:02 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Freddie\Desktop\Internet.lnk
    [2010/10/29 15:42:26 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Freddie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/29 15:42:26 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/10/20 00:42:01 | 000,476,160 | -HS- | M] () -- C:\WINDOWS\System32\authsvc.dll
    [2010/10/19 23:26:39 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
    [2010/10/19 23:15:20 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/10/19 20:42:48 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/10/19 20:34:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/10/19 20:12:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/19 19:57:49 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Freddie\Start Menu\Programs\Startup\Secunia PSI.lnk
    [2010/10/19 19:49:33 | 000,240,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/19 12:42:08 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2010/10/19 03:01:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/19 01:00:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Freddie\Desktop\TFC.exe
    [2010/10/18 21:43:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/18 21:36:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/18 12:58:18 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Freddie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/17 14:38:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/15 22:50:07 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Freddie\Desktop\SIW.lnk
    [2010/10/14 20:59:39 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
    [2010/10/13 21:56:52 | 000,692,267 | ---- | M] () -- C:\Documents and Settings\Freddie\Desktop\TenNewTrainingTips.pdf
    [2010/10/12 11:36:56 | 000,013,694 | ---- | M] () -- C:\Documents and Settings\Freddie\Desktop\camper stove.jpg
    [2010/10/11 22:12:01 | 000,056,699 | ---- | M] () -- C:\Documents and Settings\Freddie\Desktop\Todd Durkin.jpg
    [2010/10/01 14:13:29 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk

    ========== Files Created - No Company Name ==========

    [2010/10/30 14:32:07 | 003,896,496 | R--- | C] () -- C:\Documents and Settings\Freddie\Desktop\ComboFix.exe
    [2010/10/30 02:13:02 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Freddie\Desktop\Internet.lnk
    [2010/10/30 01:22:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/30 01:22:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/30 01:22:12 | 000,085,504 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/30 01:22:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/30 01:22:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/20 01:15:19 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Freddie\fileurns.cache
    [2010/10/20 01:14:50 | 000,705,789 | ---- | C] () -- C:\Documents and Settings\Freddie\createtimes.cache
    [2010/10/20 01:14:49 | 005,553,208 | ---- | C] () -- C:\Documents and Settings\Freddie\library5.dat
    [2010/10/20 01:14:49 | 000,002,952 | ---- | C] () -- C:\Documents and Settings\Freddie\limewire.props
    [2010/10/20 01:14:49 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\Freddie\mojito.props
    [2010/10/20 00:42:01 | 000,476,160 | -HS- | C] () -- C:\WINDOWS\System32\authsvc.dll
    [2010/10/20 00:09:22 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Freddie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/20 00:09:22 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/10/19 23:26:39 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
    [2010/10/19 23:11:38 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/10/19 20:42:48 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/10/19 20:34:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/10/19 19:57:49 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\Freddie\Start Menu\Programs\Startup\Secunia PSI.lnk
    [2010/10/18 21:36:15 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/18 21:36:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/18 19:16:49 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
    [2010/10/17 14:38:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/15 22:50:07 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Freddie\Desktop\SIW.lnk
    [2010/10/14 20:59:39 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
    [2010/10/13 21:56:52 | 000,692,267 | ---- | C] () -- C:\Documents and Settings\Freddie\Desktop\TenNewTrainingTips.pdf
    [2010/10/12 11:36:54 | 000,013,694 | ---- | C] () -- C:\Documents and Settings\Freddie\Desktop\camper stove.jpg
    [2010/10/11 22:12:00 | 000,056,699 | ---- | C] () -- C:\Documents and Settings\Freddie\Desktop\Todd Durkin.jpg
    [2010/08/09 23:09:40 | 001,406,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/07/31 19:18:43 | 000,002,180 | ---- | C] () -- C:\Documents and Settings\Freddie\Application Data\BestModePatch_RubenMain.log
    [2010/07/31 19:18:43 | 000,000,208 | ---- | C] () -- C:\WINDOWS\HpBestModeUpdatePatchLog.ini
    [2010/07/31 19:18:08 | 000,009,112 | ---- | C] () -- C:\Documents and Settings\Freddie\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
    [2010/07/31 19:18:08 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
    [2010/07/31 19:17:45 | 000,003,984 | ---- | C] () -- C:\Documents and Settings\Freddie\Application Data\HPCOM_48BitScanUpdate.log
    [2010/07/31 19:17:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2009/11/30 22:42:39 | 000,000,420 | ---- | C] () -- C:\WINDOWS\nte2001.INI
    [2009/11/10 16:05:18 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Freddie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/06 14:28:38 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ASupplicant.dll
    [2009/11/06 14:22:47 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Freddie\Local Settings\Application Data\fusioncache.dat
    [2009/11/06 14:11:45 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/11/06 14:05:37 | 000,000,453 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/11/06 13:47:21 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2009/11/06 07:36:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

    ========== LOP Check ==========

    [2010/06/18 11:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
    [2010/01/28 14:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2009/11/06 15:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2009/11/06 14:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2010/04/28 14:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/11/10 02:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/11/09 13:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freddie\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/09/23 14:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freddie\Application Data\FrostWire
    [2009/11/08 15:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freddie\Application Data\Leadertech
    [2010/10/10 23:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freddie\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2010/06/21 21:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freddie\Application Data\mjusbsp
    [2010/09/29 18:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freddie\Application Data\MP3Rocket
    [2010/08/12 00:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freddie\Application Data\System Tweaker
    [2010/08/05 14:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freddie\Application Data\Windows Desktop Search
    [2010/08/05 15:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Freddie\Application Data\Windows Search

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/02/26 00:32:57 | 000,000,715 | ---- | M] () -- C:\Amazon Unbox.lnk
    [2009/11/06 13:20:23 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/09 23:15:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/18 21:36:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/30 14:44:41 | 000,021,447 | ---- | M] () -- C:\ComboFix.txt
    [2009/11/06 13:20:23 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2003/12/08 14:15:56 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
    [2009/11/06 13:20:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/10/19 00:41:44 | 000,006,750 | ---- | M] () -- C:\JavaRa.log
    [2009/11/06 13:20:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/11/07 14:07:30 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/11/08 13:08:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/30 15:37:02 | 3219,128,320 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/11/06 13:20:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009/12/10 10:24:06 | 000,082,168 | ---- | M] (Microsoft Corporation.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/11/06 07:34:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/11/06 07:34:36 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/11/06 07:34:35 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/11/08 13:16:28 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/11/08 13:42:17 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Freddie\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/11/06 13:29:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Freddie\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/30 14:32:10 | 003,896,496 | R--- | M] () -- C:\Documents and Settings\Freddie\Desktop\ComboFix.exe
    [2010/10/30 15:31:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Freddie\Desktop\OTL.exe
    [2010/10/19 01:00:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Freddie\Desktop\TFC.exe
    [2009/11/06 15:44:08 | 012,542,736 | ---- | M] (NETGEAR ) -- C:\Documents and Settings\Freddie\Desktop\WN311B_setup_6.1.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/11/08 13:42:17 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Freddie\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/30 15:38:44 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\Freddie\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/12/17 11:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
    [2002/12/17 11:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/12/17 11:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/12/17 11:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 16:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/12/17 11:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/12/17 11:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/12/17 11:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2009/11/10 16:05:17 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2002/12/17 11:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 14:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  18. 2010/10/30
    broni Moderator Malware Analyst
    You shouldn't be running Secunia as a startup.
    It's overkill.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (0059841285614155mcinstcleanup) McAfee Application Installer Cleanup (0059841285614155)
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
       "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  19. 2010/10/30
    Fredx Inactive Thread Starter
    Secunia is no longer part of startup.
    I just noticed that my McAfee virus scan is going to expire in 10 days. Is there a better one you would recommend?



    All processes killed
    ========== OTL ==========
    Error: No service named 0059841285614155mcinstcleanup) McAfee Application Installer Cleanup (0059841285614155 was found to stop!
    Service\Driver key 0059841285614155mcinstcleanup) McAfee Application Installer Cleanup (0059841285614155 not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Freddie
    ->Temp folder emptied: 148785 bytes
    ->Temporary Internet Files folder emptied: 8113774 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 66130173 bytes
    ->Flash cache emptied: 10434 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 571 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 71.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Freddie
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.1 log created on 10302010_160018

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  20. 2010/10/30
    Fredx Inactive Thread Starter
    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    McAfee AntiVirus Plus
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.4.0
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

    ``````````End of Log````````````
     
  21. 2010/10/30
    broni Moderator Malware Analyst
