
Solved Google Redirect and random audio clip virus

Discussion in 'Malware and Virus Removal Archive' started by sambaker, 2011/09/26.

  1. 2011/09/26, sambaker (Inactive, Thread Starter)
    [Resolved] Google Redirect and random audio clip virus

    I am looking for assistance in removing some viruses that have infected my system. I am running Windows XP Home Edition Version 2002 SP3.

    Several weeks ago, I noticed that I had a Google redirect virus. The symptoms at the time were that sometimes (not always) when I clicked on a Google search link, I was redirected to a page other than the one I wanted. If I just backed up and clicked it again, it would take me to the right page.

    Then, a few days ago, I started getting random audio clips playing on my laptop. I found that I could kill them by going to Task Manager and killing one of the many iexplore.exe tasks running, but after a while they always come back. At the same time that the random audio clips appeared, the Google redirect virus became more persistent, i.e., it occurred more frequently and now I usually cannot work around it by just going back and clicking the link again like I did before.

    Other symptoms include slow performance, Mozilla Firefox periodically hanging up and quitting, system periodically randomly shutting down and rebooting unprompted, and one or more messages upon reboot stating that Internet Explorer is being shut down when I never opened it to begin with.

    Any help that can be provided would be much appreciated.

    Thanks.
     
  2. 2011/09/26, broni (Moderator, Malware Analyst)
    Please complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     


  4. 2011/09/28, sambaker (Inactive, Thread Starter)
    Thanks for your response and your help. I have downloaded and run all the scans as directed in your last post. I have not used my laptop much since running these scans, so I have not noticed any significant behavior changes on my computer. Mozilla Firefox did crash once in between some of the download/scans that I ran.

    Below in the next couple of posts are the logs you requested. I will await your reply. Thanks again.


    1. Malwarebytes Quick Scan Log:
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7811

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    9/27/2011 11:22:34 PM
    mbam-log-2011-09-27 (23-22-34).txt

    Scan type: Quick scan
    Objects scanned: 229994
    Time elapsed: 46 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\brandon mcgahee\0.6732479283145103.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
     
  5. 2011/09/28, sambaker (Inactive, Thread Starter)
    2. GMER.LOG:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-28 04:47:48
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS721010G9SA00 rev.MCZOC10H
    Running: xyi7hhir.exe; Driver: C:\DOCUME~1\BRANDO~1\LOCALS~1\Temp\pxldqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9ED02A6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9ED02D2]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9ED0328]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9ED027C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9ED0254]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9ED0268]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9ED02BC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9ED02FE]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9ED0352]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9ED033E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9ED0312]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B9ED0316 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B9ED032C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B9ED0342 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP B9ED0302 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B9ED0258 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B9ED026C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B9ED0356 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B9ED02C0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP B9ED02AA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP B9ED02D6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B9ED0280 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\services.exe[1580] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060000
    .text C:\WINDOWS\system32\services.exe[1580] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060FEF
    .text C:\WINDOWS\system32\services.exe[1580] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060029
    .text C:\WINDOWS\system32\services.exe[1580] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0005000A
    .text C:\WINDOWS\system32\lsass.exe[1592] ntdll.dll!NtCreateFile
     
  6. 2011/09/28
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    (GMER log continued; hooked-API listing omitted)
     
  7. 2011/09/28
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    (GMER log continued; hooked-API listing omitted)
    .text C:\WINDOWS\Explorer.EXE[3108] Explorer.EXE 0101A56C 22 Bytes CALL 0100FA8F C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation)
    .text C:\WINDOWS\Explorer.EXE[3108] Explorer.EXE 0101A583 13 Bytes [15, 18, 11, 00, 01, 50, E8, ...] {ADC EAX, 0x1001118; PUSH EAX; CALL 0xfffffffffffffb74; PUSH 0x10}
    .text C:\WINDOWS\Explorer.EXE[3108] Explorer.EXE 0101A591 15 Bytes [F0, 59, 33, C0, 8D, 7D, C0, ...]
    .text C:\WINDOWS\Explorer.EXE[3108] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
    .text C:\WINDOWS\Explorer.EXE[3108] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FD4
    .text C:\WINDOWS\Explorer.EXE[3108] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FEF
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F99
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0084
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0073
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0062
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0051
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F50
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F6D
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F13
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F2E
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00BD
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0FCA
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B001B
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00C9463B
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F7E
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0036
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FE5
    .text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F3F
    .text C:\WINDOWS\Explorer.EXE[3108] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0025
    .text C:\WINDOWS\Explorer.EXE[3108] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0062
    .text C:\WINDOWS\Explorer.EXE[3108] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0014
    .text C:\WINDOWS\Explorer.EXE[3108] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0FD4
    .text C:\WINDOWS\Explorer.EXE[3108] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0051
    .text C:\WINDOWS\Explorer.EXE[3108] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FEF
    .text C:\WINDOWS\Explorer.EXE[3108] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002A0040
    .text C:\WINDOWS\Explorer.EXE[3108] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0FB9
    .text C:\WINDOWS\Explorer.EXE[3108] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003C0FD4
    .text C:\WINDOWS\Explorer.EXE[3108] msvcrt.dll!system 77C293C7 5 Bytes JMP 003C0FEF
    .text C:\WINDOWS\Explorer.EXE[3108] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003C0044
    .text C:\WINDOWS\Explorer.EXE[3108] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003C000C
    .text C:\WINDOWS\Explorer.EXE[3108] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003C005F
    .text C:\WINDOWS\Explorer.EXE[3108] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003C001D
    .text C:\WINDOWS\Explorer.EXE[3108] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 003E0FEF
    .text C:\WINDOWS\Explorer.EXE[3108] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 003E0014
    .text C:\WINDOWS\Explorer.EXE[3108] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 003E0FDE
    .text C:\WINDOWS\Explorer.EXE[3108] WININET.dll!InternetOpenUrlW 3D9984A1 5 Bytes JMP 003E0FC3
    .text C:\WINDOWS\Explorer.EXE[3108] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01CE0FEF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FE5
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150FC0
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150000
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00280FE5
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0028005B
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00280F5C
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00280F77
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00280040
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00280025
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0028007D
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0028006C
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00280F1A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002800B3
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002800C4
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00280F94
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00280000
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00164663
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00280F41
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00280FB9
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00280FD4
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00280098
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00370F9E
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00370F6F
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00370FB9
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00370FD4
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0037002C
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00370FEF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0037001B
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0037000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35277E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3526FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E352743 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E35268B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3526C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3527B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E201762 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00380053
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] msvcrt.dll!system 77C293C7 5 Bytes JMP 00380042
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0038001D
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0038000C
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00380FD2
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00380FE3
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E352994 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 00E90FE5
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ws2_32.dll!send 71AB428A 5 Bytes JMP 7FF91AD9
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 7FF91A15
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ws2_32.dll!recv 71AB615A 5 Bytes JMP 7FF9196B
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 7FF91B07
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] WININET.dll!HttpOpenRequestA 3D94AA5B 5 Bytes JMP 029A035E C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] WININET.dll!HttpOpenRequestW 3D94C47A 5 Bytes JMP 029A04C2 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01BD0FEF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01BD000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01BD0FD4
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3748] WININET.dll!InternetOpenUrlW 3D9984A1 5 Bytes JMP 01BD0FB9
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3936] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0015001B
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FE5
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00280000
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002800A4
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00280FAF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00280087
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00280FD4
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00280051
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002800E6
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00280F94
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00280F5E
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002800F7
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00280112
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0028006C
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00280FEF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00164663
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002800B5
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00280040
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0028001B
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00280F79
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0037002C
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00370062
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0037001B
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0037000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00370FAF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00370FEF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00370047
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00370FC0
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35277E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3526FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E352743 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E35268B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3526C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3527B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E201762 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00380069
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] msvcrt.dll!system 77C293C7 5 Bytes JMP 00380FD4
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00380029
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00380FEF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0038003A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0038000C
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E352994 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 00E90FEF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ws2_32.dll!send 71AB428A 5 Bytes JMP 7FF91AD9
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 7FF91A15
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ws2_32.dll!recv 71AB615A 5 Bytes JMP 7FF9196B
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 7FF91B07
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] WININET.dll!HttpOpenRequestA 3D94AA5B 5 Bytes JMP 029A035E C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] WININET.dll!HttpOpenRequestW 3D94C47A 5 Bytes JMP 029A04C2 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01D70FEF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01D7000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01D70FDE
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4276] WININET.dll!InternetOpenUrlW 3D9984A1 5 Bytes JMP 01D70FCD
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5464] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AA800 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5464] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AA792 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5464] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104B229C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5464] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104B2861 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
     
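Added triage helper for the GMER user-mode hook listing above; it is an example written for this page, not part of the thread and not GMER's own tooling. The two record shapes it parses (`.text <image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> [<owner> (<description>)]` and `IAT <image>[<pid>] @ <importing dll> [<module>!<export>] [<target>] [<owner> (<description>)]`) are inferred from the lines on this page, and the sample input is a handful of those lines copied verbatim. GMER prints an owning module only when it can map the JMP or IAT target to a loaded image; the script separates those from targets it could not attribute (the `00150000`, `001B0000`, `7FF91A15`-style entries) and buckets the unattributed ones by 64 KiB allocation granularity, an assumption chosen because Windows hands out user-mode allocations on that boundary. Treat the result as a sorting aid, not a verdict: host intrusion-prevention and anti-virus products hook exactly this way, and a McAfee service (`mfevtps.exe`) is present in the same log.

```python
# Example triage of GMER ".text" inline-hook and "IAT" records (added for this
# page; not the poster's or GMER's code). Record shapes are inferred from the
# log lines on the page. An unattributed target is a triage signal only: HIPS
# and anti-virus products place user-mode hooks of the same shape.
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

INLINE_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<len>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<owner>[A-Za-z]:\\.*?)(?:\s+\((?P<desc>[^)]*)\))?)?\s*$"
)
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<importer>.+?)\s+"
    r"\[(?P<module>[^\]!]+)!(?P<export>[^\]]+)\]\s+\[(?P<target>[0-9A-Fa-f]+)\]"
    r"(?:\s+(?P<owner>[A-Za-z]:\\.*?)(?:\s+\((?P<desc>[^)]*)\))?)?\s*$"
)


@dataclass
class Hook:
    kind: str             # "inline" (.text patch) or "iat"
    image: str            # process image the hook was found in
    pid: int
    symbol: str           # module!export that was hooked
    target: int           # address control is diverted to
    owner: Optional[str]  # module GMER attributed the target to, or None


def parse_hook(line: str) -> Optional[Hook]:
    """Parse one GMER record; None for other shapes (e.g. the raw byte
    patches GMER lists inside Explorer.EXE's own .text section)."""
    line = line.strip()
    for kind, rx in (("inline", INLINE_RE), ("iat", IAT_RE)):
        m = rx.match(line)
        if m:
            return Hook(kind, m["image"], int(m["pid"]),
                        f"{m['module']}!{m['export']}", int(m["target"], 16),
                        m["owner"])
    return None


def triage(lines):
    """Per process: count hooks per attributed owner module and list the
    (symbol, target) pairs GMER could not map to any module.
    Returns (report, skipped); skipped counts hook records of other shapes."""
    report = defaultdict(lambda: {"attributed": Counter(), "unattributed": []})
    skipped = 0
    for line in lines:
        hook = parse_hook(line)
        if hook is None:
            if line.strip().startswith((".text ", "IAT ")):
                skipped += 1
            continue
        entry = report[f"{hook.image}[{hook.pid}]"]
        if hook.owner:
            entry["attributed"][hook.owner] += 1
        else:
            entry["unattributed"].append((hook.symbol, hook.target))
    return dict(report), skipped


def trampoline_regions(report):
    """Bucket unattributed targets by 64 KiB region (assumed allocation
    granularity). One region per hooked DLL, as with Explorer.EXE above
    (kernel32 -> 0x001B0000, ADVAPI32 -> 0x002A0000), is consistent with a
    hook engine that allocates a stub block per module; compare each region
    against a memory map of that process before drawing any conclusion."""
    regions = {}
    for proc, entry in report.items():
        c = Counter(f"{t & ~0xFFFF:08X}" for _, t in entry["unattributed"])
        if c:
            regions[proc] = c
    return regions


# Sample input: lines copied verbatim from the GMER output on this page.
SAMPLE_LOG = r"""
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2448] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E35268B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2448] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00380FA6
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2448] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 7FF91A15
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2448] ws2_32.dll!recv 71AB615A 5 Bytes JMP 46CB66BB C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[3108] Explorer.EXE 0101A55F 12 Bytes [8B, FF, 55, 8B, EC, 83, EC, ...] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; SUB ESP, 0x44; PUSH ESI; PUSH EDI; PUSH 0x10}
.text C:\WINDOWS\Explorer.EXE[3108] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000
.text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000
.text C:\WINDOWS\Explorer.EXE[3108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F13
.text C:\WINDOWS\Explorer.EXE[3108] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0025
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1204] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040A510] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
"""

if __name__ == "__main__":
    rep, skipped = triage(SAMPLE_LOG.splitlines())
    for proc, entry in rep.items():
        print(proc)
        for owner, n in entry["attributed"].items():
            print(f"  {n:2d} hook(s) -> {owner}")
        for symbol, target in entry["unattributed"]:
            print(f"  {symbol} -> {target:08X} (no owning module)")
    for proc, regs in trampoline_regions(rep).items():
        print(proc, dict(regs))
    print(f"{skipped} record(s) of another shape skipped")
```

Run it against a full GMER log (`python triage.py < gmer.log` after swapping `SAMPLE_LOG.splitlines()` for `sys.stdin`) and the interesting output is the per-process region table: a region shared by every hooked DLL of one process, or the same region in every process, points at one installed hook engine; a region that appears in a single process, or far from the others, is the one to pull a memory map for.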
  8. 2011/09/28
    sambaker Inactive Thread Starter
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150FEF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00150014
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00150FDE
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00280FEF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00280080
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0028006F
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00280054
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00280F97
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00280FA8
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00280F5A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002800A2
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00280F24
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002800BD
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00280F09
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00280039
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00280000
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00164663
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00280091
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00280FC3
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00280FD4
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00280F3F
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0037001B
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00370FA5
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00370FCA
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0037000A
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00370062
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00370FE5
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00370047
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0037002C
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35277E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3526FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E352743 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E35268B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3526C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3527B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E201762 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00380FA3
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] msvcrt.dll!system 77C293C7 5 Bytes JMP 00380FBE
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0038002E
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0038000C
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00380FD9
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0038001D
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E352994 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB588D C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 46CB56D5 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ws2_32.dll!connect 71AB406A 5 Bytes JMP 46CB5765 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ws2_32.dll!send 71AB428A 5 Bytes JMP 46CB5D02 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 7FF91A15
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ws2_32.dll!recv 71AB615A 5 Bytes JMP 46CB66BB C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 7FF91B07
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] ws2_32.dll!closesocket 71AB9639 5 Bytes JMP 46CB63B7 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] WININET.dll!HttpOpenRequestA 3D94AA5B 5 Bytes JMP 0280035E C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] WININET.dll!HttpOpenRequestW 3D94C47A 5 Bytes JMP 028004C2 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01AD0000
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01AD0FEF
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01AD0FDE
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5476] WININET.dll!InternetOpenUrlW 3D9984A1 5 Bytes JMP 01AD002F

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1204] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040A4B0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1204] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040A510] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011E2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011E2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011E2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011E2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\WINDOWS\Explorer.EXE[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CC2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CC2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CC2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CC2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F12F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F12C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F12CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F12CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[3924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01B92F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[3924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01B92C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[3924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01B92CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[3924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01B92CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    Device \FileSystem\Fastfat \Fat A7A61D20

    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 PE file @ sector 192410505

    ---- EOF - GMER 1.0.15 ----
     
  9. 2011/09/28
    sambaker
    3. aswMBR.txt:
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-28 05:02:31
    -----------------------------
    05:02:31.390 OS Version: Windows 5.1.2600 Service Pack 3
    05:02:31.390 Number of processors: 2 586 0xE08
    05:02:31.390 ComputerName: BRANDON UserName:
    05:02:38.531 Initialize success
    05:03:44.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    05:03:44.640 Disk 0 Vendor: Hitachi_HTS721010G9SA00 MCZOC10H Size: 93958MB BusType: 3
    05:03:46.734 Disk 0 MBR read successfully
    05:03:46.734 Disk 0 MBR scan
    05:03:46.750 Disk 0 unknown MBR code
    05:03:46.796 Disk 0 scanning sectors +192410505
    05:03:46.953 Disk 0 PE file @ sector 192410505 !
    05:03:47.156 Disk 0 scanning C:\WINDOWS\system32\drivers
    05:05:04.000 Service scanning
    05:05:14.046 Modules scanning
    05:06:16.687 Disk 0 trace - called modules:
    05:06:16.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    05:06:16.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abecab8]
    05:06:16.750 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000081[0x8ac4ff18]
    05:06:16.765 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac4e940]
    05:06:16.984 Scan finished successfully
    05:07:30.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Brandon McGahee\Desktop\MBR.dat"
    05:07:30.171 The log file has been saved successfully to "C:\Documents and Settings\Brandon McGahee\Desktop\aswMBR.txt"


    4. DDS.txt:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_22
    Run by Brandon McGahee at 5:10:40 on 2011-09-28
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.673 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\NetWaiting\NetWaiting.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Logitech\Logitech Vid\vid.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Belkin\F5D8051v2\chkdev.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    C:\Program Files\McAfee\VirusScan\mcods.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Microsoft\BingBar\BBSvc.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.msn.com/
    uInternet Settings,ProxyServer = 128.59.20.227:3124
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110921060232.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [ModemOnHold] c:\program files\netwaiting\NetWaiting.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
    mRun: [CaISSDT] "c:\program files\ca\etrust internet security suite\caissdt.exe"
    mRun: [eTrustPPAP] "c:\program files\ca\etrust internet security suite\etrust pestpatrol anti-spyware\PPActiveDetection.exe"
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8051v2\Belkinwcui.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    Trusted Zone: musicmatch.com\online
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158294370062
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
    TCP: Interfaces\{1CB4701E-7992-43BE-B3E3-AA95F43D6B7F} : DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
    TCP: Interfaces\{CC419E6E-D16B-4E54-B5CA-E6F8AE74D64F} : DhcpNameServer = 12.127.16.67 12.127.17.71 12.127.16.68
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
     
  10. 2011/09/28
    sambaker
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\brandon mcgahee\application data\mozilla\firefox\profiles\6akbzgc3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 61152
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-2 64160]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-8 461864]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-19 89624]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1036104]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-19 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-19 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-19 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-19 166024]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-19 160344]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-19 148520]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-19 57432]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-8 180072]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-8 59288]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-19 338040]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-19 83688]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-19 83688]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-19 87808]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-8 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-8 40552]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-2-27 30576]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
    .
    =============== Created Last 30 ================
    .
    2011-09-28 08:56:09 864 ----a-w- c:\documents and settings\all users\application data\ecyzaaa.tmp
    2011-09-28 03:23:05 54016 ----a-w- c:\windows\system32\drivers\beche.sys
    2011-09-28 00:53:08 849 ----a-w- c:\documents and settings\all users\application data\fcyzaaa.tmp
    2011-09-27 23:54:04 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{7487ac80-9dce-4987-ae06-9e225276e747}\offreg.dll
    2011-09-27 23:54:01 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{7487ac80-9dce-4987-ae06-9e225276e747}\mpengine.dll
    2011-09-27 07:57:34 -------- d-----w- c:\documents and settings\all users\application data\Viewpoint
    2011-09-27 04:50:42 836 ----a-w- c:\documents and settings\all users\application data\opzzaaa.tmp
    2011-09-27 04:09:13 869 ----a-w- c:\documents and settings\all users\application data\spzzaaa.tmp
    2011-09-27 02:37:36 886 ----a-w- c:\documents and settings\all users\application data\qpzzaaa.tmp
    2011-09-27 02:06:09 864 ----a-w- c:\documents and settings\all users\application data\ppzzaaa.tmp
    2011-09-26 06:52:23 849 ----a-w- c:\documents and settings\all users\application data\gfkabaa.tmp
    2011-09-26 06:43:04 811 ----a-w- c:\documents and settings\all users\application data\hfkabaa.tmp
    2011-09-26 06:23:12 812 ----a-w- c:\documents and settings\all users\application data\jfkabaa.tmp
    2011-09-26 05:53:30 844 ----a-w- c:\documents and settings\all users\application data\ifkabaa.tmp
    2011-09-26 02:45:52 834 ----a-w- c:\documents and settings\all users\application data\kqcabaa.tmp
    2011-09-26 01:13:58 814 ----a-w- c:\documents and settings\all users\application data\iqcabaa.tmp
    2011-09-26 00:26:36 868 ----a-w- c:\documents and settings\all users\application data\lqcabaa.tmp
    2011-09-25 23:01:12 867 ----a-w- c:\documents and settings\all users\application data\jqcabaa.tmp
    2011-09-25 21:37:01 852 ----a-w- c:\documents and settings\all users\application data\mqcabaa.tmp
    2011-09-25 19:04:39 870 ----a-w- c:\documents and settings\all users\application data\icyzaaa.tmp
    2011-09-25 19:04:34 836 ----a-w- c:\documents and settings\all users\application data\hcyzaaa.tmp
    2011-09-25 19:04:29 863 ----a-w- c:\documents and settings\all users\application data\gcyzaaa.tmp
    2011-09-25 16:46:07 844 ----a-w- c:\documents and settings\all users\application data\rpzzaaa.tmp
    2011-09-25 14:38:58 877 ----a-w- c:\documents and settings\all users\application data\tdeabaa.tmp
    2011-09-25 14:30:18 875 ----a-w- c:\documents and settings\all users\application data\vdeabaa.tmp
    2011-09-25 12:55:42 817 ----a-w- c:\documents and settings\all users\application data\sdeabaa.tmp
    2011-09-25 12:38:04 839 ----a-w- c:\documents and settings\all users\application data\udeabaa.tmp
    2011-09-25 07:58:04 821 ----a-w- c:\documents and settings\all users\application data\wdeabaa.tmp
    2011-09-25 03:49:41 828 ----a-w- c:\documents and settings\all users\application data\pehabaa.tmp
    2011-09-25 03:49:00 837 ----a-w- c:\documents and settings\all users\application data\nehabaa.tmp
    2011-09-25 03:48:55 857 ----a-w- c:\documents and settings\all users\application data\mehabaa.tmp
    2011-09-25 03:48:36 826 ----a-w- c:\documents and settings\all users\application data\qehabaa.tmp
    2011-09-25 03:48:35 809 ----a-w- c:\documents and settings\all users\application data\oehabaa.tmp
    2011-09-24 03:55:40 831 ----a-w- c:\documents and settings\all users\application data\zcbabaa.tmp
    2011-09-24 01:16:52 866 ----a-w- c:\documents and settings\all users\application data\bdbabaa.tmp
    2011-09-23 23:56:03 829 ----a-w- c:\documents and settings\all users\application data\adbabaa.tmp
    2011-09-23 23:55:17 838 ----a-w- c:\documents and settings\all users\application data\cdbabaa.tmp
    2011-09-23 23:50:46 846 ----a-w- c:\documents and settings\all users\application data\ycbabaa.tmp
    2011-09-21 10:02:11 28504 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
    2011-09-15 16:38:01 -------- d--h--w- c:\windows\system32\WLANProfiles
    .
    ==================== Find3M ====================
    .
    2011-09-27 23:50:09 4784 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-15 14:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-08-15 14:00:06 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-08-15 14:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-08-15 14:00:06 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-08-15 14:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-08-15 14:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-08-15 14:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-08-15 14:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-08-15 14:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-08-15 14:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-08-14 21:33:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-25 01:53:36 0 ---ha-w- c:\documents and settings\brandon mcgahee\bfkfjwqhhj.tmp
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    .
    ============= FINISH: 5:24:20.34 ===============
     
  11. 2011/09/28
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    5. Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/15/2006 6:00:14 PM
    System Uptime: 9/27/2011 6:19:39 PM (11 hours ago)
    .
    Motherboard: Dell Inc. | | 0XD720
    Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | Microprocessor | 1830/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 67 GiB total, 32.009 GiB free.
    D: is FIXED (NTFS) - 22 GiB total, 21.462 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 9/23/2011 4:56:17 PM - System Checkpoint
    RP2: 9/25/2011 11:57:29 AM - System Checkpoint
    RP3: 9/25/2011 3:15:57 PM - Restore Operation
    RP4: 9/27/2011 6:50:35 AM - System Checkpoint
    RP5: 9/27/2011 7:53:56 PM - Software Distribution Service 3.0
    RP6: 9/27/2011 7:55:24 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    7-Zip 4.57
    725plc32
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    America Online (Choose which version to remove)
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOLIcon
    ATI Catalyst Control Center
    ATI Display Driver
    Belkin N1 Wireless USB Network Adapter Setup
    Bing Bar
    Broadcom Management Programs
    CA eTrust PestPatrol Anti-Spyware
    CCleaner (remove only)
    CleanUp!
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Corel Photo Album 6
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Color Printer 725
    Dell Digital Jukebox Driver
    Dell Game Console
    Dell Media Experience
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Digital Content Portal
    Digital Line Detect
    Documentation & Support Launcher
    EarthLink setup files
    EducateU
    ELIcon
    Games, Music, & Photos Launcher
    Get High Speed Internet!
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) PROSet/Wireless Software
    Internet Explorer (Enable DEP)
    Internet Service Offers Launcher
    iS3 STOPzilla Toolbar
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    K-Lite Codec Pack 3.9.5 (Full)
    Learn2 Player (Uninstall Only)
    Logitech Legacy USB Camera Driver Package
    Logitech Updater
    Logitech Vid
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Malwarebytes' Anti-Malware version 1.51.2.1300
    McAfee SecurityCenter
    McAfee Uninstaller
    mCore
    MCU
    mDriver
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Corporation
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft LifeCam
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Live Add-in 1.3
    Microsoft Office Live Meeting 2007
    Microsoft Office Project MUI (English) 2010 (Beta)
    Microsoft Office Project Professional 2010 (Beta)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010 (Beta)
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010 (Beta)
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010 (Beta)
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010 (Beta)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Send-a-Smile
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010 (Beta)
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Visio Professional 2007 Trial
    Microsoft Office XP Media Content
    Microsoft Office XP Professional
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Project Professional 2010
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Software Update for Web Folders (English) 14 (Beta)
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    mIWA
    mLogView
    mMHouse
    Mobile Broadband Generic Drivers
    Modem Helper
    Mozilla Firefox 6.0.2 (x86 en-US)
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    MSN
    mSSO
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    MSXML 6.0 Parser
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    mWlsSafe
    mWMI
    mZConfig
    NetWaiting
    NetZeroInstallers
    NTI Shadow
    PowerDVD 5.7
    QuickSet
    RealPlayer
    Search Assist
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2553010)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skype Toolbars
    Skype™ 4.2
    Snagit 10
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    TestDrive Client
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VZAccess Manager
    WebEx
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WinZip 14.5
    WordPerfect Office 12
    WOT for Internet Explorer
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/27/2011 11:52:49 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    9/24/2011 8:33:11 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    9/24/2011 12:30:26 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
    9/24/2011 12:30:26 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    9/23/2011 7:50:47 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/23/2011 7:41:21 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
    9/22/2011 10:20:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcf_device service to connect.
    9/22/2011 10:20:25 AM, error: Service Control Manager [7000] - The dlcf_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/22/2011 10:20:25 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcf_device with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
    9/21/2011 6:03:24 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
    9/21/2011 6:03:24 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Proxy Service service, but this action failed with the following error: An instance of the service is already running.
    9/21/2011 6:03:24 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Personal Firewall Service service, but this action failed with the following error: An instance of the service is already running.
    9/21/2011 6:03:24 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Network Agent service, but this action failed with the following error: An instance of the service is already running.
    9/21/2011 6:03:24 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Anti-Spam Service service, but this action failed with the following error: An instance of the service is already running.
    9/21/2011 6:02:24 AM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/21/2011 6:02:24 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/21/2011 6:02:24 AM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/21/2011 6:02:24 AM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/21/2011 6:02:24 AM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/21/2011 6:02:24 AM, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  12. 2011/09/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
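Once the report is pasted, a small helper like the one below (an added example, not code from this thread or from TDSSKiller) pairs each scanned object's hash/path line with its verdict line and lists everything that is not explicitly "- ok", including objects whose verdict line never appeared because the paste was cut short. The sample log is constructed: its clean lines mirror entries posted later in this thread, while the atapi hash and its "detected" verdict are placeholders, not TDSSKiller's real wording.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Scan lines in a TDSSKiller report come in pairs, for example:
#   19:00:08.0281 4604 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
#   19:00:08.0296 4604 ACPI - ok
# The first line gives the object's name, MD5 and on-disk path, the second its verdict.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
DETAIL_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None

    @property
    def is_clean(self) -> bool:
        # Only an explicit "ok" counts as clean; a missing verdict (truncated
        # paste) or any other wording is something the analyst should look at.
        return self.verdict is not None and self.verdict.strip().lower() == "ok"


def parse_tdsskiller_log(text: str) -> Dict[str, ScanEntry]:
    """Return the scanned objects keyed by name, in first-seen order."""
    entries: Dict[str, ScanEntry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        rest = m.group("rest")
        detail = DETAIL_RE.match(rest)
        if detail:
            entry = entries.setdefault(detail.group("name"), ScanEntry(detail.group("name")))
            entry.md5 = detail.group("md5").lower()
            entry.path = detail.group("path")
            continue
        verdict = VERDICT_RE.match(rest)
        if verdict:
            entry = entries.setdefault(verdict.group("name"), ScanEntry(verdict.group("name")))
            entry.verdict = verdict.group("verdict")
        # banner, SystemInfo and separator lines fall through and are ignored
    return entries


def needs_review(entries: Dict[str, ScanEntry]) -> List[ScanEntry]:
    """Objects that are not explicitly clean, in log order."""
    return [e for e in entries.values() if not e.is_clean]


def summarize(text: str) -> str:
    """One-line count followed by one line per object that needs review."""
    entries = parse_tdsskiller_log(text)
    flagged = needs_review(entries)
    lines = [f"{len(entries)} objects scanned, {len(entries) - len(flagged)} ok, {len(flagged)} to review"]
    for e in flagged:
        lines.append(f"  {e.name}: verdict={e.verdict or '<missing>'} md5={e.md5 or '-'} path={e.path or '-'}")
    return "\n".join(lines)


# Constructed sample, not a real scan: the Abiosdsk/ACPI/cfwids lines mirror
# entries posted in this thread; the atapi MD5 and "detected" verdict are
# placeholders, and cfwids deliberately has no verdict line (truncated paste).
SAMPLE_LOG = r"""
18:59:43.0890 5972 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
18:59:44.0609 5972 ============================================================
18:59:44.0609 5972 OS Version: 5.1.2600 ServicePack: 3.0
19:00:02.0359 4604 Scan started
19:00:02.0359 4604 Mode: Manual;
19:00:08.0062 4604 Abiosdsk - ok
19:00:08.0281 4604 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:00:08.0296 4604 ACPI - ok
19:00:10.0359 4604 atapi (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:00:10.0359 4604 atapi - detected
19:00:14.0531 4604 cfwids (142e4e00ad91600a2d20692ed52fafc8) C:\WINDOWS\system32\drivers\cfwids.sys
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```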
     
  13. 2011/09/28
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    18:59:43.0890 5972 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
    18:59:44.0609 5972 ============================================================
    18:59:44.0609 5972 Current date / time: 2011/09/28 18:59:44.0609
    18:59:44.0609 5972 SystemInfo:
    18:59:44.0609 5972
    18:59:44.0609 5972 OS Version: 5.1.2600 ServicePack: 3.0
    18:59:44.0609 5972 Product type: Workstation
    18:59:44.0609 5972 ComputerName: BRANDON
    18:59:44.0609 5972 UserName: Brandon McGahee
    18:59:44.0609 5972 Windows directory: C:\WINDOWS
    18:59:44.0609 5972 System windows directory: C:\WINDOWS
    18:59:44.0609 5972 Processor architecture: Intel x86
    18:59:44.0609 5972 Number of processors: 2
    18:59:44.0609 5972 Page size: 0x1000
    18:59:44.0609 5972 Boot type: Normal boot
    18:59:44.0609 5972 ============================================================
    18:59:46.0656 5972 Initialize success
    19:00:02.0359 4604 ============================================================
    19:00:02.0359 4604 Scan started
    19:00:02.0359 4604 Mode: Manual;
    19:00:02.0359 4604 ============================================================
    19:00:08.0062 4604 Abiosdsk - ok
    19:00:08.0109 4604 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    19:00:08.0234 4604 abp480n5 - ok
    19:00:08.0281 4604 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    19:00:08.0296 4604 ACPI - ok
    19:00:08.0375 4604 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    19:00:08.0390 4604 ACPIEC - ok
    19:00:08.0437 4604 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    19:00:08.0546 4604 adpu160m - ok
    19:00:08.0656 4604 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    19:00:08.0656 4604 aec - ok
    19:00:08.0781 4604 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    19:00:08.0859 4604 AegisP - ok
    19:00:08.0921 4604 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    19:00:08.0921 4604 AFD - ok
    19:00:08.0968 4604 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    19:00:08.0968 4604 agp440 - ok
    19:00:09.0000 4604 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    19:00:09.0000 4604 agpCPQ - ok
    19:00:09.0078 4604 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    19:00:09.0140 4604 Aha154x - ok
    19:00:09.0171 4604 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    19:00:09.0250 4604 aic78u2 - ok
    19:00:09.0296 4604 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    19:00:09.0359 4604 aic78xx - ok
    19:00:09.0390 4604 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    19:00:09.0453 4604 AliIde - ok
    19:00:09.0500 4604 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    19:00:09.0500 4604 alim1541 - ok
    19:00:09.0531 4604 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    19:00:09.0531 4604 amdagp - ok
    19:00:09.0625 4604 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    19:00:09.0625 4604 amsint - ok
    19:00:09.0718 4604 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
    19:00:09.0843 4604 APPDRV - ok
    19:00:09.0937 4604 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    19:00:09.0937 4604 Arp1394 - ok
    19:00:09.0968 4604 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    19:00:10.0031 4604 asc - ok
    19:00:10.0046 4604 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    19:00:10.0109 4604 asc3350p - ok
    19:00:34.0906 4604 MBR (0x1B8) (dea9e81f0228b68c9adaf84c9b0cf931) \Device\Harddisk0\DR0
    19:00:34.0906 4604 \Device\Harddisk0\DR0 - ok
    19:00:34.0921 4604 Boot (0x1200) (5e0bcb2121f888eecc9a60ffd741de39) \Device\Harddisk0\DR0\Partition0
    19:00:34.0921 4604 \Device\Harddisk0\DR0\Partition0 - ok
    19:00:34.0953 4604 Boot (0x1200) (55bfd6beb343370b4cd378727f5db448) \Device\Harddisk0\DR0\Partition1
    19:00:34.0953 4604 \Device\Harddisk0\DR0\Partition1 - ok
    19:00:34.0953 4604 ============================================================
    19:00:34.0953 4604 Scan finished
    19:00:34.0953 4604 ============================================================
    19:00:34.0953 4584 Detected object count: 0
    19:00:34.0953 4584 Actual detected object count: 0
     
  14. 2011/09/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. 2011/09/28
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    ComboFix 11-09-28.06 - Brandon McGahee 09/28/2011 20:06:38.7.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1182 [GMT -4:00]
    Running from: c:\documents and settings\Brandon McGahee\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}\chrome.manifest
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}\chrome\xulcache.jar
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}\defaults\preferences\xulcache.js
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}\install.rdf
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}\chrome.manifest
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}\chrome\xulcache.jar
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}\defaults\preferences\xulcache.js
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j7f7mlpw.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}\install.rdf
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\fileEdit.exe.50eb7ce1.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
    c:\documents and settings\All Users\Application Data\adbabaa.tmp
    c:\documents and settings\All Users\Application Data\bdbabaa.tmp
    c:\documents and settings\All Users\Application Data\cdbabaa.tmp
    c:\documents and settings\All Users\Application Data\fcyzaaa.tmp
    c:\documents and settings\All Users\Application Data\gcyzaaa.tmp
    c:\documents and settings\All Users\Application Data\gfkabaa.tmp
    c:\documents and settings\All Users\Application Data\hcyzaaa.tmp
    c:\documents and settings\All Users\Application Data\hfkabaa.tmp
    c:\documents and settings\All Users\Application Data\icyzaaa.tmp
    c:\documents and settings\All Users\Application Data\ifkabaa.tmp
    c:\documents and settings\All Users\Application Data\iqcabaa.tmp
    c:\documents and settings\All Users\Application Data\jfkabaa.tmp
    c:\documents and settings\All Users\Application Data\jqcabaa.tmp
    c:\documents and settings\All Users\Application Data\kqcabaa.tmp
    c:\documents and settings\All Users\Application Data\lqcabaa.tmp
    c:\documents and settings\All Users\Application Data\mehabaa.tmp
    c:\documents and settings\All Users\Application Data\mqcabaa.tmp
    c:\documents and settings\All Users\Application Data\nehabaa.tmp
    c:\documents and settings\All Users\Application Data\oehabaa.tmp
    c:\documents and settings\All Users\Application Data\opzzaaa.tmp
    c:\documents and settings\All Users\Application Data\pehabaa.tmp
    c:\documents and settings\All Users\Application Data\ppzzaaa.tmp
    c:\documents and settings\All Users\Application Data\qehabaa.tmp
    c:\documents and settings\All Users\Application Data\qpzzaaa.tmp
    c:\documents and settings\All Users\Application Data\rpzzaaa.tmp
    c:\documents and settings\All Users\Application Data\sdeabaa.tmp
    c:\documents and settings\All Users\Application Data\spzzaaa.tmp
    c:\documents and settings\All Users\Application Data\tdeabaa.tmp
    c:\documents and settings\All Users\Application Data\udeabaa.tmp
    c:\documents and settings\All Users\Application Data\vdeabaa.tmp
    c:\documents and settings\All Users\Application Data\wdeabaa.tmp
    c:\documents and settings\All Users\Application Data\ycbabaa.tmp
    c:\documents and settings\All Users\Application Data\zcbabaa.tmp
    c:\documents and settings\All Users\Documents\s
    c:\documents and settings\All Users\Documents\win32.dll
    c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}
    c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}\chrome.manifest
    c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}\chrome\xulcache.jar
    c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}\defaults\preferences\xulcache.js
    c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{2008bf20-ee83-4c86-9120-595b1c6f7bdf}\install.rdf
    c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}
    c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}\chrome.manifest
    c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}\chrome\xulcache.jar
    c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}\defaults\preferences\xulcache.js
    c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{4fd13b18-400c-41e1-9d5d-89f4fc73ad65}\install.rdf
    c:\documents and settings\Brandon McGahee\bfkfjwqhhj.tmp
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\fileEdit.exe.50eb7ce1.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\InCC2.exe.5f957998.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\info.exe.c95fa770.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\Launcher.exe.b72c2a1d.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\SLB6.tmp.fd01064f.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\SLBC.tmp.ed8db97c.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse
    C:\RECYCLER(2)
    c:\recycler(2)\S-1-5-21-1915563299-3972609359-212629399-1006(2)\Dc1.txt
    c:\recycler(2)\S-1-5-21-1915563299-3972609359-212629399-1006(2)\INFO2
    c:\windows\AutoRun.ini
    c:\windows\expl.dat
    c:\windows\system32\d3d9caps.dat
    c:\windows\system32\dllc.dat
    c:\windows\system32\svch.dat
    c:\windows\system32\winl.dat
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    .
    c:\windows\system32\winlogon.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
    .
    Infected copy of c:\windows\system32\svchost.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\svchost.exe
    .
    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\explorer.exe
    .
    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\winlogon.exe
    Infected copy of c:\windows\system32\svchost.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\svchost.exe
    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\explorer.exe
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-29 00:21 . 2011-09-29 00:22 -------- d-----w- c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory
    2011-09-28 22:51 . 2011-09-29 00:20 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{7487AC80-9DCE-4987-AE06-9E225276E747}\offreg.dll
    2011-09-27 23:54 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{7487AC80-9DCE-4987-AE06-9E225276E747}\mpengine.dll
    2011-09-27 07:57 . 2011-09-27 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2011-09-21 10:02 . 2011-08-19 19:56 28504 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
    2011-09-15 16:38 . 2011-09-15 16:38 -------- d--h--w- c:\windows\system32\WLANProfiles
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-29 00:24 . 2010-06-23 21:47 4784 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-09-12 23:14 . 2006-08-17 03:36 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-09-09 09:12 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-31 21:00 . 2011-07-08 22:14 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-15 14:00 . 2010-08-19 21:22 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-08-15 14:00 . 2010-08-19 21:21 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-08-15 14:00 . 2010-08-19 21:21 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-08-15 14:00 . 2010-08-19 21:21 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-08-15 14:00 . 2010-08-19 21:21 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-08-15 14:00 . 2010-08-19 21:21 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-08-15 14:00 . 2010-08-19 21:21 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-08-15 14:00 . 2007-02-08 04:48 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-08-15 14:00 . 2007-02-08 04:48 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-08-15 14:00 . 2007-02-08 04:48 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-08-14 21:33 . 2011-05-14 16:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29 . 2004-08-10 17:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-08-31 19:20 . 2011-06-25 23:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 18:01 . 2010-08-19 21:22 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="c:\program files\NetWaiting\NetWaiting.exe" [2003-09-10 20480]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2005-12-29 165416]
    "eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-11-24 258048]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-20 198160]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1317016]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-09-24 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-08 669936]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-5-16 1581056]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-10 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\utorrent\\utorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/2/2009 3:16 PM 64160]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/19/2010 5:21 PM 89624]
    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1036104]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/19/2010 5:21 PM 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/19/2010 5:21 PM 214904]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/19/2010 5:22 PM 160344]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/19/2010 5:21 PM 148520]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/19/2010 5:21 PM 57432]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/19/2010 5:21 PM 338040]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/19/2010 5:21 PM 83688]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/19/2010 5:21 PM 83688]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/19/2010 5:21 PM 87808]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2/27/2010 4:22 PM 30576]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 1:23 PM 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 12:08 PM 174336]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 5:28 AM 4639136]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 19:16]
    .
    2011-09-29 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.msn.com/
    uInternet Settings,ProxyServer = 128.59.20.227:3124
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    Trusted Zone: musicmatch.com\online
    TCP: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
    FF - ProfilePath - c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 61152
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-28 20:20
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \$»»]
    "Q"=hex:51
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \Ã#$]
    "Q"=hex:51
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \ÃE¼]
    "Q"=hex:51
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1548)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(4088)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\netprovcredman.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\windows\System32\GEARSec.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Belkin\F5D8051v2\chkdev.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-28 20:30:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-29 00:29
    .
    Pre-Run: 34,238,631,936 bytes free
    Post-Run: 39,774,875,648 bytes free
    .
    - - End Of File - - 03FE0A9F65B37672B56E2D12E1EE9826
     
  16. 2011/09/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ==========================================================

    How is computer doing?

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DDS::
    uInternet Settings,ProxyServer = 128.59.20.227:3124
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000000
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
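The CFScript above removes a hijacked WinINET proxy and re-enables Security Center monitoring for McAfee. As an added example that is not part of this thread or of ComboFix, the PowerShell script below reads those same locations (plus the Firefox network.proxy.* prefs that appear in the later logs) and reports anything that deviates from the expected state, without changing anything. The $ExpectedProxies allowlist is a placeholder; leave it empty when the machine should not use a proxy at all.

```powershell
# Added example, not from the thread or from ComboFix: a read-only audit of the
# settings the CFScript resets. Nothing here writes to the registry or to prefs.js.
# Uses New-Object PSObject so it also runs on the PowerShell 2.0 that Windows XP gets.
param(
    [string[]]$ExpectedProxies = @()   # placeholder allowlist, e.g. 'proxy.example.internal:8080'
)

function Test-WinInetProxy {
    # Flags a configured proxy that is not on the allowlist. A stale ProxyServer with
    # ProxyEnable=0 is still reported: the CFScript removes the value, not just the flag.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $enabled = if ($inet.ProxyEnable) { [int]$inet.ProxyEnable } else { 0 }
    $server  = [string]$inet.ProxyServer
    if (($enabled -eq 1 -or $server) -and ($ExpectedProxies -notcontains $server)) {
        New-Object PSObject -Property @{
            Check    = 'WinINET proxy (HKCU Internet Settings)'
            Observed = "ProxyEnable=$enabled ProxyServer='$server'"
            Expected = if ($ExpectedProxies) { $ExpectedProxies -join ', ' } else { 'no proxy' }
        }
    }
}

function Test-SecurityCenterMonitoring {
    # One finding per vendor subkey whose DisableMonitoring is 1 (status alerts silenced).
    $key = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
    if (-not (Test-Path $key)) { return }
    foreach ($sub in Get-ChildItem -Path $key) {
        $flag = (Get-ItemProperty -Path $sub.PSPath -ErrorAction SilentlyContinue).DisableMonitoring
        if ($flag -eq 1) {
            New-Object PSObject -Property @{
                Check    = "Security Center monitoring: $($sub.PSChildName)"
                Observed = 'DisableMonitoring=1'
                Expected = 'DisableMonitoring=0'
            }
        }
    }
}

function Test-FirefoxProxyPrefs {
    # Reports network.proxy.* values from every Firefox profile's prefs.js.
    # network.proxy.type 0 means "no proxy", so a leftover host/port next to type 0 is
    # inactive, but it still shows that something once pointed the browser elsewhere.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    $pattern = 'user_pref\("network\.proxy\.(type|http|http_port)",\s*(.+?)\);'
    foreach ($prefs in Get-ChildItem -Path $profiles -Filter prefs.js -Recurse -ErrorAction SilentlyContinue) {
        $hits = Select-String -Path $prefs.FullName -Pattern $pattern
        foreach ($m in $hits) {
            $name  = $m.Matches[0].Groups[1].Value
            $value = $m.Matches[0].Groups[2].Value.Trim('"')
            if ($name -eq 'type' -and $value -eq '0') { continue }   # explicit "no proxy" is fine
            New-Object PSObject -Property @{
                Check    = "Firefox prefs.js ($($prefs.Directory.Name))"
                Observed = "network.proxy.$name = $value"
                Expected = 'no proxy configured'
            }
        }
    }
}

$findings = @(Test-WinInetProxy) + @(Test-SecurityCenterMonitoring) + @(Test-FirefoxProxyPrefs)
if ($findings.Count -eq 0) {
    Write-Output 'No unexpected proxy or Security Center monitoring settings found.'
} else {
    $findings | Format-Table Check, Observed, Expected -AutoSize -Wrap
}
```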
     
  17. 2011/09/28
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    One question: Do I include the word "Code:" from the code box above in the CFScript.txt file?

    Computer seems to be running a bit better/faster. I have not had any issues since Combofix ran, but have not done much, either. Basically, nothing negative to report.
     
  18. 2011/09/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No....
     
  19. 2011/09/28
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    I did a few tests and the Google redirect issue does not occur now. Have not heard any random ads, either.

    Here is the last ComboFix.txt log file using the CFScript:

    ComboFix 11-09-28.06 - Brandon McGahee 09/28/2011 21:40:15.8.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1196 [GMT -4:00]
    Running from: c:\documents and settings\Brandon McGahee\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Brandon McGahee\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Brandon McGahee\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-28 22:51 . 2011-09-29 00:20 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{7487AC80-9DCE-4987-AE06-9E225276E747}\offreg.dll
    2011-09-27 23:54 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{7487AC80-9DCE-4987-AE06-9E225276E747}\mpengine.dll
    2011-09-21 10:02 . 2011-08-19 19:56 28504 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
    2011-09-15 16:38 . 2011-09-15 16:38 -------- d--h--w- c:\windows\system32\WLANProfiles
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-29 00:24 . 2010-06-23 21:47 4784 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-09-12 23:14 . 2006-08-17 03:36 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-09-09 09:12 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-31 21:00 . 2011-07-08 22:14 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-15 14:00 . 2010-08-19 21:22 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-08-15 14:00 . 2010-08-19 21:21 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-08-15 14:00 . 2010-08-19 21:21 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-08-15 14:00 . 2010-08-19 21:21 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-08-15 14:00 . 2010-08-19 21:21 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-08-15 14:00 . 2010-08-19 21:21 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-08-15 14:00 . 2010-08-19 21:21 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-08-15 14:00 . 2007-02-08 04:48 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-08-15 14:00 . 2007-02-08 04:48 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-08-15 14:00 . 2007-02-08 04:48 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-08-14 21:33 . 2011-05-14 16:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29 . 2004-08-10 17:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-08-31 19:20 . 2011-06-25 23:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 18:01 . 2010-08-19 21:22 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-09-29_00.20.57 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-09-29 00:50 . 2011-09-29 00:53 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2006-08-15 21:54 . 2011-09-29 00:53 1294336 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-08-15 21:54 . 2011-09-29 00:03 1294336 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="c:\program files\NetWaiting\NetWaiting.exe" [2003-09-10 20480]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2005-12-29 165416]
    "eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-11-24 258048]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-20 198160]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1317016]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-09-24 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-08 669936]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-5-16 1581056]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-10 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\utorrent\\utorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/2/2009 3:16 PM 64160]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/19/2010 5:21 PM 89624]
    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1036104]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/19/2010 5:21 PM 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/19/2010 5:21 PM 214904]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/19/2010 5:22 PM 160344]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/19/2010 5:21 PM 148520]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/19/2010 5:21 PM 57432]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/19/2010 5:21 PM 338040]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/19/2010 5:21 PM 83688]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/19/2010 5:21 PM 83688]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/19/2010 5:21 PM 87808]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2/27/2010 4:22 PM 30576]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 1:23 PM 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 12:08 PM 174336]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 5:28 AM 4639136]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 19:16]
    .
    2011-09-29 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.msn.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    Trusted Zone: musicmatch.com\online
    TCP: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
    FF - ProfilePath - c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 61152
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-28 21:48
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \$»»]
    "Q"=hex:51
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \Ã#$]
    "Q"=hex:51
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \ÃE¼]
    "Q"=hex:51
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1548)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-09-28 21:51:00
    ComboFix-quarantined-files.txt 2011-09-29 01:50
    ComboFix2.txt 2011-09-29 00:30
    .
    Pre-Run: 39,794,302,976 bytes free
    Post-Run: 39,761,305,600 bytes free
    .
    - - End Of File - - 8DA23E33217731CA7EBB0B0829330ABD
     
  20. 2011/09/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. 2011/09/28
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    Here is the first part of the OTL.txt file:

    OTL logfile created on: 9/28/2011 10:42:45 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Brandon McGahee\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.72% Memory free
    3.85 Gb Paging File | 2.96 Gb Available in Paging File | 76.88% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 66.68 Gb Total Space | 37.07 Gb Free Space | 55.60% Space Free | Partition Type: NTFS
    Drive D: | 21.53 Gb Total Space | 21.46 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

    Computer Name: BRANDON | User Name: Brandon McGahee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/28 22:38:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
    PRC - [2011/09/10 00:51:34 | 001,317,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/08/19 15:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    PRC - [2011/08/19 15:55:34 | 000,160,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/08/19 15:55:18 | 000,166,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/06/08 15:16:12 | 001,036,104 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2011/06/08 15:16:12 | 000,528,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2011/02/07 16:42:10 | 000,477,560 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe
    PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2010/12/14 07:31:12 | 000,184,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe
    PRC - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2009/10/19 20:09:14 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/07/16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
    PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/08 14:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    PRC - [2007/10/08 14:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2007/01/19 17:17:42 | 001,581,056 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2006/09/21 19:04:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Belkin\F5D8051v2\ChkDev.exe
    PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2005/12/29 16:42:18 | 000,165,416 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    PRC - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
    PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/28 20:21:47 | 000,109,080 | ---- | M] () -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
    MOD - [2011/08/11 22:08:07 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
    MOD - [2011/08/11 22:05:54 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
    MOD - [2011/06/25 19:54:49 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    MOD - [2011/06/08 15:16:18 | 001,640,216 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Resources.dll
    MOD - [2011/06/08 15:16:17 | 000,256,424 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
    MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2009/07/16 16:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
    MOD - [2009/07/16 16:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
    MOD - [2009/07/16 16:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
    MOD - [2009/07/16 16:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\SDL.dll
    MOD - [2009/07/16 16:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtxml4.dll
    MOD - [2009/07/16 16:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
    MOD - [2009/07/16 16:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtsql4.dll
    MOD - [2009/07/16 16:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
    MOD - [2009/07/16 16:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
    MOD - [2009/07/16 16:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
    MOD - [2009/07/16 16:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
    MOD - [2009/07/16 16:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\phonon4.dll
    MOD - [2009/07/03 10:49:08 | 000,168,960 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
    MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2007/10/08 14:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
    MOD - [2007/05/17 14:42:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
    MOD - [2006/11/28 10:41:50 | 000,176,128 | ---- | M] () -- C:\Program Files\Belkin\F5D8051v2\BelkinwcuiDLL.dll
    MOD - [2006/09/21 19:04:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Belkin\F5D8051v2\ChkDev.exe
    MOD - [2006/04/21 14:34:10 | 000,217,088 | ---- | M] () -- C:\Program Files\Belkin\F5D8051v2\NWTools.dll
    MOD - [2004/04/11 20:57:44 | 000,040,960 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DirWatcher.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/08/19 15:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2011/08/19 15:55:34 | 000,160,344 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2011/08/19 15:55:18 | 000,166,024 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/06/08 15:16:12 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
    SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
    SRV - [2005/09/28 22:02:26 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
    SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/08/15 10:00:06 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/08/15 10:00:06 | 000,338,040 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/08/15 10:00:06 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/08/15 10:00:06 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/08/15 10:00:06 | 000,089,624 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2011/08/15 10:00:06 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/08/15 10:00:06 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2011/08/15 10:00:06 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2011/08/15 10:00:06 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2011/08/15 10:00:06 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/05/20 16:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 600(UVC)
    DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/07/03 10:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2008/07/26 11:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/07/26 11:24:48 | 000,095,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/11/08 07:14:00 | 000,498,816 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/06/22 18:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
    DRV - [2006/05/24 19:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2006/05/24 19:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
    DRV - [2006/05/24 19:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006/05/24 19:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2006/05/24 19:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
    DRV - [2006/05/24 19:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/05/24 18:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2006/05/24 18:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/02/16 00:39:00 | 001,421,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/12/04 10:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/05 10:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/09/29 16:36:29 | 000,015,360 | RH-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
    DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 128.59.20.227:3124

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 128.59.20.227:3124

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]

    IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.msn.com/
    IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 8F 66 00 E1 C5 70 47 B9 F5 06 AF 12 02 82 D1 [binary data]
    IE - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..network.proxy.http: "127.0.0.1 "
    FF - prefs.js..network.proxy.http_port: 61152
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/09/28 20:28:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 20:58:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 20:12:17 | 000,000,000 | ---D | M]

    [2010/05/08 21:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Extensions
    [2011/09/28 20:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions
    [2010/05/08 22:21:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/08 22:22:19 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
    [2011/07/09 15:08:09 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/06/25 19:31:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/13 02:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/09 12:57:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/12/09 14:18:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\BRANDON MCGAHEE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6AKBZGC3.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
    [2011/09/28 20:28:19 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
    [2010/06/13 02:10:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/08/31 15:20:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/08/20 12:09:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/09/28 21:48:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110921060232.dll (McAfee, Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [CaISSDT] C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe (Computer Associates International, Inc.)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [eTrustPPAP] C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe (Computer Associates)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
    O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
    O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe (Belkin)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158294370062 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB4701E-7992-43BE-B3E3-AA95F43D6B7F}: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC419E6E-D16B-4E54-B5CA-E6F8AE74D64F}: DhcpNameServer = 12.127.16.67 12.127.17.71 12.127.16.68
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-1915563299-3972609359-212629399-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/28 22:38:33 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
    [2011/09/28 20:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/09/28 20:03:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/09/28 20:03:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/09/28 20:03:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/09/28 20:03:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/09/28 20:03:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/28 19:48:21 | 004,232,793 | R--- | C] (Swearware) -- C:\Documents and Settings\Brandon McGahee\Desktop\ComboFix.exe
    [2011/09/28 05:09:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brandon McGahee\Start Menu\Programs\Administrative Tools
    [2011/09/15 12:38:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\WLANProfiles
    [2006/08/10 11:22:31 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll
    [2006/08/10 11:22:31 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll
    [2006/08/10 11:22:31 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll
    [2006/08/10 11:22:31 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll
    [2006/08/10 11:22:31 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll
    [2006/08/10 11:22:31 | 000,491,520 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcoms.exe
    [2006/08/10 11:22:31 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll
    [2006/08/10 11:22:31 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll
    [2006/08/10 11:22:31 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfih.exe
    [2006/08/10 11:22:31 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcfg.exe
    [2006/08/10 11:22:31 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll
    [2006/08/10 11:22:31 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll
    [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/28 22:38:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
    [2011/09/28 21:48:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/09/28 20:23:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/09/28 20:20:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/09/28 20:20:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/28 20:20:03 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/28 19:49:00 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\Shortcut to ComboFix.exe.lnk
    [2011/09/28 19:48:24 | 004,232,793 | R--- | M] (Swearware) -- C:\Documents and Settings\Brandon McGahee\Desktop\ComboFix.exe
    [2011/09/28 18:55:58 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brandon McGahee\Desktop\tdsskiller.exe
    [2011/09/28 05:07:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\MBR.dat
    [2011/09/23 19:37:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/16 03:02:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/09/12 15:16:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/09/06 22:02:08 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========
     
