
Solved event code 7034 The Remote Procedure Call service terminated

Discussion in 'Malware and Virus Removal Archive' started by musikeros, 2009/09/16.

  1. 2009/09/16
    musikeros

    musikeros Inactive Thread Starter

    Joined:
    2009/09/16
    Messages:
    13
    Likes Received:
    0
    [Resolved] event code 7034 The Remote Procedure Call service terminated

    I need help. I could not start the Remote Procedure Call (HGM) service, error 22: the process cannot access the file because it's being used by another process.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:07:36 AM, on 9/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Java\jre6\bin\jqs.exe
    D:\Acer\Empowering Technology\eLock\LockServ.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    D:\McAfee\VirusScan Enterprise\EngineServer.exe
    D:\McAfee\Common Framework\FrameworkService.exe
    D:\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    D:\Nuance\PDF Professional 5\PDFProFiltSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    D:\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\RTHDCPL.EXE
    D:\McAfee\Common Framework\udaterui.exe
    D:\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    D:\McAfee\Common Framework\McTray.exe
    D:\Nuance\PDF Professional 5\pdfpro5hook.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
    D:\Java\jre6\bin\jusched.exe
    D:\iTunes\iTunesHelper.exe
    D:\Windows Defender\MSASCui.exe
    D:\BitTorrent\bittorrent.exe
    D:\CleanMyPC\Registry Cleaner\RCHelper.exe
    D:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    D:\Solidworks 2009\SolidWorks\swScheduler\swBOEngine.exe
    D:\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\DOCUME~1\METALM~1\LOCALS~1\Temp\SolidWorksLicTemp.0001
    C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    D:\iTunes\iTunes.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Trend Micro\HijackThis\HijackThis.exe
    d:\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\svchost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\McAfee\VirusScan Enterprise\scriptsn.dll
    O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "D:\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Unlocker\UnlockerAssistant.exe "
    O4 - HKLM\..\Run: [PDFHook] D:\Nuance\PDF Professional 5\pdfpro5hook.exe
    O4 - HKLM\..\Run: [PDF5 Registry Controller] D:\Nuance\PDF Professional 5\RegistryController.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eLockMonitor] D:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
    O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Windows Defender] "D:\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [BitTorrent] "D:\BitTorrent\bittorrent.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "d:\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SolidWorks Task Scheduler Engine.lnk = D:\Solidworks 2009\SolidWorks\swScheduler\swBOEngine.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Download by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Append the content of the link to existing PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    O8 - Extra context menu item: Append to existing PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Create PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF file from the content of the link - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF files from the selected links - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - res://D:\Nuance\PDF Professional 5\cnvres_eng.dll /100
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - D:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - D:\Solidworks 2009\SolidWorks\swScheduler\DTSCoordinatorService.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Java\jre6\bin\jqs.exe
    O23 - Service: LockServ - Unknown owner - D:\Acer\Empowering Technology\eLock\LockServ.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - D:\McAfee\VirusScan Enterprise\EngineServer.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - D:\Nuance\PDF Professional 5\PDFProFiltSrv.exe
    O23 - Service: Remote Procedure Call (HGM) (RPCHGM) - Unknown owner - C:\Program Files\NetMeeting\secedit.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

    --
    End of file - 13758 bytes
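    As an added example (not part of the original post, and not code from HijackThis or WindowsBBS), the following Python checker parses O23 service lines from a HijackThis log and flags the defender-relevant signals that the log above contains: a service whose display name imitates a core Windows service ("Remote Procedure Call") while its short name is not the genuine RpcSs, a Windows system binary name (secedit.exe normally lives in the Windows directory) located under Program Files, and a service with no recorded publisher. The sample lines are constructed from entries in the log above; the tables of core services and system binaries are a short hand-picked set, not an exhaustive reference, and "Unknown owner" alone is reported only as informational because legitimate OEM services often lack publisher data in HJT output.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input in HijackThis O23 format. The RPCHGM line mirrors the
# entry in the log above; the other three are typical benign third-party services.
SAMPLE_O23_LINES = [
    r"O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\McAfee\VirusScan Enterprise\Mcshield.exe",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
    r"O23 - Service: Remote Procedure Call (HGM) (RPCHGM) - Unknown owner - C:\Program Files\NetMeeting\secedit.exe",
    r"O23 - Service: LockServ - Unknown owner - D:\Acer\Empowering Technology\eLock\LockServ.exe",
]

# Display-name prefix of a few core Windows XP services -> their genuine short name.
# Hand-picked subset for illustration, not a complete list.
CORE_SERVICES = {
    "remote procedure call": "rpcss",
    "dcom server process launcher": "dcomlaunch",
    "windows management instrumentation": "winmgmt",
    "task scheduler": "schedule",
    "security accounts manager": "samss",
}

# Binaries that ship inside the Windows directory; a copy elsewhere is suspicious.
SYSTEM_BINARIES = {"secedit.exe", "svchost.exe", "lsass.exe", "services.exe",
                   "csrss.exe", "winlogon.exe", "rundll32.exe"}

# "O23 - Service: <display> - <owner> - <path>"; display may itself contain parentheses.
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Trailing "(ShortName)" on the display field.
SHORT_RE = re.compile(r"^(?P<base>.*?)\s*\((?P<short>[^()]+)\)\s*$")


@dataclass
class Finding:
    short_name: str
    path: str
    severity: str
    reasons: list = field(default_factory=list)


def parse_o23(line):
    """Return (display base, short name, owner, path) for an O23 line, else None."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    display, owner, path = m.group("display"), m.group("owner"), m.group("path")
    sm = SHORT_RE.match(display)
    if sm:
        base, short = sm.group("base"), sm.group("short")
    else:
        # HJT omits the parenthesised short name when it equals the display name.
        base, short = display, display
    return base, short, owner, path.strip('"')


def in_windows_dir(path):
    """True if the path sits under <drive>:\\WINDOWS or <drive>:\\WINNT."""
    return re.match(r"^[a-z]:\\(windows|winnt)\\", path.lower()) is not None


def analyze_o23(lines):
    """Map short service name -> Finding for every O23 line that trips a heuristic."""
    findings = {}
    for line in lines:
        parsed = parse_o23(line)
        if parsed is None:
            continue
        base, short, owner, path = parsed
        reasons, severity = [], "none"
        # 1. Display name borrows a core Windows service name, short name does not match.
        for prefix, real_short in CORE_SERVICES.items():
            if base.lower().startswith(prefix) and short.lower() != real_short:
                reasons.append(f"display name imitates core service '{prefix}' "
                               f"but short name is '{short}', not '{real_short}'")
                severity = "high"
        # 2. A Windows system binary name running from outside the Windows directory.
        exe = path.lower().rsplit("\\", 1)[-1].split()[0]
        if exe in SYSTEM_BINARIES and not in_windows_dir(path):
            reasons.append(f"system binary name '{exe}' outside the Windows directory")
            severity = "high"
        # 3. No publisher recorded: weak on its own, so informational unless combined.
        if owner.lower() == "unknown owner" and not in_windows_dir(path):
            reasons.append("no publisher recorded (Unknown owner)")
            if severity == "none":
                severity = "info"
        if reasons:
            findings[short] = Finding(short, path, severity, reasons)
    return findings


if __name__ == "__main__":
    for f in analyze_o23(SAMPLE_O23_LINES).values():
        print(f"[{f.severity}] {f.short_name}: {f.path}")
        for r in f.reasons:
            print("   -", r)
```

    Run against the sample, the RPCHGM entry is reported as high with all three reasons, LockServ only as informational, and the McAfee and NVIDIA services are not reported at all. The same function accepts the full O23 section of a log pasted in as a list of lines.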
     
  2. 2009/09/16
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Had you read the Announcement at the head of the forum, you would have appreciated that an HJT log is no longer sufficient ...

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     


  4. 2009/09/16
    musikeros

    musikeros Inactive Thread Starter

    Joined:
    2009/09/16
    Messages:
    13
    Likes Received:
    0
    DDS & Attach Logs

    Here are the logs.
    Thank you very much.


    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Metal Monkey at 6:24:39.70 on Thu 09/17/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1041 [GMT 8:00]

    AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    D:\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Java\jre6\bin\jqs.exe
    D:\Acer\Empowering Technology\eLock\LockServ.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    D:\McAfee\VirusScan Enterprise\EngineServer.exe
    D:\McAfee\Common Framework\FrameworkService.exe
    D:\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    D:\Nuance\PDF Professional 5\PDFProFiltSrv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\TUProgSt.exe
    "C:\WINDOWS\system32\svchost.exe" 40706
    C:\WINDOWS\system32\SearchIndexer.exe
    D:\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\RTHDCPL.EXE
    D:\McAfee\Common Framework\udaterui.exe
    D:\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    D:\McAfee\Common Framework\McTray.exe
    D:\Nuance\PDF Professional 5\pdfpro5hook.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
    D:\Java\jre6\bin\jusched.exe
    D:\iTunes\iTunesHelper.exe
    D:\Windows Defender\MSASCui.exe
    D:\BitTorrent\bittorrent.exe
    D:\CleanMyPC\Registry Cleaner\RCHelper.exe
    D:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    D:\Solidworks 2009\SolidWorks\swScheduler\swBOEngine.exe
    D:\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\DOCUME~1\METALM~1\LOCALS~1\Temp\SolidWorksLicTemp.0001
    C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    C:\WINDOWS\system32\dllhost.exe
    "C:\WINDOWS\system32\svchost.exe" 40706
    C:\WINDOWS\system32\SearchProtocolHost.exe
    D:\iTunes\iTunes.exe
    d:\Mozilla Firefox\firefox.exe
    "C:\WINDOWS\system32\svchost.exe" 40706
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Metal Monkey\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - d:\orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - d:\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\mcafee\virusscan enterprise\scriptsn.dll
    BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - d:\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - d:\nuance\pdf professional 5\bin\ZeonIEFavClient.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - d:\orbitdownloader\GrabPro.dll
    uRun: [BitTorrent] "d:\bittorrent\bittorrent.exe "
    uRun: [SpybotSD TeaTimer] d:\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Registry Cleaner Scheduler] "d:\cleanmypc\registry cleaner\RCHelper.exe" /startup
    mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [McAfeeUpdaterUI] "d:\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "d:\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [UnlockerAssistant] "d:\unlocker\UnlockerAssistant.exe "
    mRun: [PDFHook] d:\nuance\pdf professional 5\pdfpro5hook.exe
    mRun: [PDF5 Registry Controller] d:\nuance\pdf professional 5\RegistryController.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [Acer Empowering Technology Monitor] c:\windows\system32\SysMonitor.exe
    mRun: [eLockMonitor] d:\acer\empowering technology\elock\monitor\LaunchMonitor.exe
    mRun: [SolidWorks_CheckForUpdates] "c:\program files\common files\solidworks installation manager\scheduler\sldIMScheduler.exe" /scheduler
    mRun: [SunJavaUpdateSched] "d:\java\jre6\bin\jusched.exe "
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe "
    mRun: [Windows Defender] "d:\windows defender\MSASCui.exe" -hide
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\metalm~1\startm~1\programs\startup\solidw~1.lnk - d:\solidworks 2009\solidworks\swscheduler\swBOEngine.exe
    StartupFolder: c:\docume~1\metalm~1\startm~1\programs\startup\stardo~1.lnk - d:\stardock\objectdock\ObjectDock.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - d:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: &Download by Orbit - d:\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - d:\orbitdownloader\orbitmxt.dll/204
    IE: Append the content of the link to existing PDF file - d:\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Append the content of the selected links to existing PDF file - d:\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    IE: Append to existing PDF file - d:\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Create PDF file - d:\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF file from the content of the link - d:\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF files from the selected links - d:\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    IE: Do&wnload selected by Orbit - d:\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - d:\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Open with Nuance PDF Converter 5.0 - d:\nuance\pdf professional 5\cnvres_eng.dll /100
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - d:\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\spybot~1\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - d:\window~1\MpShHook.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\metalm~1\applic~1\mozilla\firefox\profiles\b5wr3u3t.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: d:\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: d:\adobe\reader 9.0\reader\browser\nppdf32.dll
    FF - plugin: d:\divx\divx player\npDivxPlayerPlugin.dll
    FF - plugin: d:\divx\divx web player\npdivx32.dll
    FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
    FF - plugin: d:\java\jre6\bin\new_plugin\npdeploytk.dll
    FF - plugin: d:\java\jre6\bin\new_plugin\npjp2.dll
    FF - plugin: d:\videolan\vlc\npvlc.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - d:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-connections-per-server - 6
    FF - user.js: network.http.max-persistent-connections-per-server - 3
    FF - user.js: nglayout.initialpaint.delay - 750
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.max.tokenizing.time - 2250000
    d:\mozilla firefox\greprefs\all.js - pref( "media.enforce_same_site_origin ", false);
    d:\mozilla firefox\greprefs\all.js - pref( "media.cache_size ", 51200);
    d:\mozilla firefox\greprefs\all.js - pref( "media.ogg.enabled ", true);
    d:\mozilla firefox\greprefs\all.js - pref( "media.wave.enabled ", true);
    d:\mozilla firefox\greprefs\all.js - pref( "media.autoplay.enabled ", true);
    d:\mozilla firefox\greprefs\all.js - pref( "browser.urlbar.autocomplete.enabled ", true);
    d:\mozilla firefox\greprefs\all.js - pref( "capability.policy.mailnews.*.wholeText ", "noAccess ");
    d:\mozilla firefox\greprefs\all.js - pref( "dom.storage.default_quota ", 5120);
    d:\mozilla firefox\greprefs\all.js - pref( "content.sink.event_probe_rate ", 3);
    d:\mozilla firefox\greprefs\all.js - pref( "network.http.prompt-temp-redirect ", true);
    d:\mozilla firefox\greprefs\all.js - pref( "layout.css.dpi ", -1);
    d:\mozilla firefox\greprefs\all.js - pref( "layout.css.devPixelsPerPx ", -1);
    d:\mozilla firefox\greprefs\all.js - pref( "gestures.enable_single_finger_input ", true);
    d:\mozilla firefox\greprefs\all.js - pref( "dom.max_chrome_script_run_time ", 0);
    d:\mozilla firefox\greprefs\all.js - pref( "network.tcp.sendbuffer ", 131072);
    d:\mozilla firefox\greprefs\all.js - pref( "geo.enabled ", true);
    d:\mozilla firefox\greprefs\security-prefs.js - pref( "security.remember_cert_checkbox_default_setting ", true);
    d:\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr ", "moz35 ");
    d:\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-cjkt ", "moz35 ");
    d:\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.blocklist.level ", 2);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    d:\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-3 340592]
    R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2009-2-14 116736]
    R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [2009-6-20 17664]
    R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [2009-6-20 90112]
    R2 LockServ;LockServ;d:\acer\empowering technology\elock\lockserv.exe -p --> d:\acer\empowering technology\elock\LockServ.exe -p [?]
    R2 McAfeeEngineService;McAfee Engine Service;d:\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
    R2 McAfeeFramework;McAfee Framework Service;d:\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
    R2 McShield;McAfee McShield;d:\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
    R2 McTaskManager;McAfee Task Manager;d:\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-5-3 67904]
    R2 PDFProFiltSrv;PDFProFiltSrv;d:\nuance\pdf professional 5\PDFProFiltSrv.exe [2008-2-2 144672]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-5-3 603904]
    R2 WinDefend;Windows Defender;d:\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\system32\drivers\AsAudioDevice_351.sys [2009-8-23 16640]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-3 90360]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-3 42424]
    R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-5-3 30880]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-12 133104]
    S2 RPCHGM;Remote Procedure Call (HGM);c:\program files\netmeeting\secedit.exe [2009-7-8 22863560]
    S3 CEUSBAUD;DigiTech USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [2009-7-8 17920]
    S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\solidworks 2009\solidworks\swscheduler\DTSCoordinatorService.exe [2008-9-9 79144]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-6-15 30192]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-5-3 64432]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-10-26 2799808]

    =============== Created Last 30 ================

    2009-09-16 06:13 <DIR> --d----- c:\documents and settings\metal monkey\.juststyle
    2009-09-15 21:37 <DIR> --d----- c:\windows\system32\NtmsData
    2009-09-15 21:32 5,512 a------- c:\windows\system32\drivers\txtsetup.oem
    2009-09-15 21:32 364,544 a------- c:\windows\system32\drivers\nvraidco.dll
    2009-09-15 21:32 12,132 a------- c:\windows\system32\drivers\nvraid.cat
    2009-09-15 21:32 8,535 a------- c:\windows\system32\drivers\nvide.nvu
    2009-09-15 21:32 5,499 a------- c:\windows\system32\drivers\nvrd32.inf
    2009-09-15 21:32 353,280 a------- c:\windows\system32\drivers\idecoi.dll
    2009-09-15 21:32 5 a------- c:\windows\system32\drivers\disk1
    2009-09-13 08:22 <DIR> --d----- c:\docume~1\metalm~1\applic~1\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
    2009-09-12 12:33 <DIR> --d----- c:\program files\iPod
    2009-09-12 12:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
    2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
    2009-08-29 19:09 411,368 a------- c:\windows\system32\deploytk.dll
    2009-08-29 19:09 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-08-29 12:10 <DIR> --d----- c:\docume~1\metalm~1\applic~1\SolidWorks 2009
    2009-08-29 12:02 <DIR> --d----- c:\docume~1\metalm~1\applic~1\EDrawings
    2009-08-29 12:02 <DIR> --d----- c:\docume~1\metalm~1\applic~1\DassaultSystemes
    2009-08-29 12:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DassaultSystemes
    2009-08-29 11:44 <DIR> --d----- c:\docume~1\metalm~1\applic~1\Luxology
    2009-08-29 11:40 <DIR> --d----- c:\docume~1\metalm~1\applic~1\SolidWorks
    2009-08-29 11:18 0 a------- c:\windows\eDrawingOfficeAutomator.INI
    2009-08-29 11:17 23 a---h--- c:\windows\yacht.xws
    2009-08-29 11:04 <DIR> --d----- c:\program files\common files\SolidWorks Shared
    2009-08-29 11:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SolidWorks
    2009-08-29 11:03 <DIR> --d----- c:\docume~1\metalm~1\applic~1\Windows Desktop Search
    2009-08-29 11:02 <DIR> --d----- c:\program files\Windows Desktop Search
    2009-08-29 11:02 <DIR> --d----- c:\program files\MSECache
    2009-08-29 10:59 <DIR> --d----- c:\program files\common files\SolidWorks Installation Manager
    2009-08-29 10:58 <DIR> --d----- c:\windows\SolidWorks
    2009-08-29 10:58 <DIR> --d----- c:\docume~1\metalm~1\applic~1\IM
    2009-08-25 06:39 <DIR> --d-h--- c:\windows\PIF
    2009-08-23 08:08 16,640 a------- c:\windows\system32\drivers\AsAudioDevice_351.sys
    2009-08-23 07:56 <DIR> --d----- c:\docume~1\metalm~1\applic~1\GetRightToGo
    2009-08-22 20:06 <DIR> --d----- c:\windows\Logs
    2009-08-22 07:50 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-08-21 20:03 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-08-21 20:03 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-21 20:03 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-21 20:03 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-21 20:03 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-21 20:03 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-08-21 20:03 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-08-21 20:03 117,760 -------- c:\windows\system32\prntvpt.dll

    ==================== Find3M ====================

    2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
    2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
    2009-08-05 17:01 204,800 -------- c:\windows\system32\mswebdvd.dll
    2009-07-18 03:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
    2009-07-04 01:09 915,456 a------- c:\windows\system32\wininet.dll
    2009-06-25 16:25 301,568 a------- c:\windows\system32\kerberos.dll
    2009-06-25 16:25 147,456 a------- c:\windows\system32\schannel.dll
    2009-06-25 16:25 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 16:25 56,832 a------- c:\windows\system32\secur32.dll
    2009-06-25 16:25 54,272 a------- c:\windows\system32\wdigest.dll
    2009-06-25 16:25 730,112 -------- c:\windows\system32\lsasrv.dll

    ============= FINISH: 6:25:27.76 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/3/2009 11:22:19 AM
    System Uptime: 9/16/2009 6:57:04 PM (12 hours ago)

    Motherboard: ACER | | MCP73PV
    Processor: Intel Pentium III Xeon processor | SOCKET775 M/B | 2333/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 29 GiB total, 19.043 GiB free.
    D: is FIXED (NTFS) - 122 GiB total, 28.548 GiB free.
    E: is FIXED (NTFS) - 147 GiB total, 23.31 GiB free.
    F: is CDROM (CDFS)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&1624BDC1&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&1624BDC1&0
    Service: i8042prt

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia 5300
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 5300
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP142: 9/17/2009 2:18:50 AM - System Checkpoint
    RP143: 9/17/2009 6:19:13 AM - Cleaned registry with Windows Live OneCare safety scanner

    ==== Installed Programs ======================

    7-Zip 4.20
    Acer eLock Management
    Acer Empowering Technology
    Acer ePerformance Management
    Acer eSettings Management
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    Adobe Shockwave Player 11.5
    Aimersoft Audio Converter(Build 2.2.0.37)
    Aimersoft DVD Copy(Build 2.0.0.16)
    Aimersoft DVD Creator(Build 2.1.1.0)
    Aimersoft DVD Ripper(Build 2.2.0.27)
    Aimersoft DVD Studio Pack(Build 2.2.0.19)
    Aimersoft Media Converter(Build 1.1.2.10)
    Aimersoft Video Converter(Build 2.2.0.19)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BitTorrent
    Bonjour
    Camfrog Video Chat 5.3
    CASHFLOW® THE E-GAME
    Chessmaster Grandmaster Edition
    Chikka Messenger V4
    Chinese Traditional Fonts Support For Adobe Reader 9
    CleanMyPC - Registry Cleaner
    Cooking Academy
    Cooking Academy 2 World Cuisine
    Cool Edit Pro 2.1
    COSMOSM 2009 (2008/250)
    DFX for Windows Media Player
    DigiTech Preset Converter 3.0
    DigiTech RP250 Drivers
    DigiTech X-Edit 2.4.1
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Web Player
    DWGeditor
    EarMaster School 5
    GameHouse Games Collection: Academy of Magic
    GameHouse Games Collection: Adventure Inlay
    GameHouse Games Collection: Adventure Inlay - Safari Edition
    GameHouse Games Collection: Air Strike 3D
    GameHouse Games Collection: Alien Sky
    GameHouse Games Collection: Aloha Solitaire
    GameHouse Games Collection: Aloha TriPeaks
    GameHouse Games Collection: Ancient Tri-Jong
    GameHouse Games Collection: Ancient Tripeaks
    GameHouse Games Collection: Astrobatics
    GameHouse Games Collection: Atlantis
    GameHouse Games Collection: Atomaders
    GameHouse Games Collection: Bejeweled 2
    GameHouse Games Collection: Bewitched
    GameHouse Games Collection: Big Kahuna Reef
    GameHouse Games Collection: Boggle Supreme
    GameHouse Games Collection: Bounce Out Blitz
    GameHouse Games Collection: Casino Island To Go
    GameHouse Games Collection: Chainz
    GameHouse Games Collection: Chainz 2 - Relinked
    GameHouse Games Collection: Charm Solitaire
    GameHouse Games Collection: Charm Tale
    GameHouse Games Collection: Chicktionary
    GameHouse Games Collection: Chuzzle Deluxe
    GameHouse Games Collection: Collapse! Crunch
    GameHouse Games Collection: Combo Chaos!
    GameHouse Games Collection: Crystal Path
    GameHouse Games Collection: Cubis Gold 2
    GameHouse Games Collection: Digby's Donuts
    GameHouse Games Collection: Diner Dash
    GameHouse Games Collection: Feeding Frenzy
    GameHouse Games Collection: Fiber Twig
    GameHouse Games Collection: Five Card Deluxe
    GameHouse Games Collection: Flip Words
    GameHouse Games Collection: Flying Leo
    GameHouse Games Collection: Fortune Tiles Gold
    GameHouse Games Collection: Fresco Wizard
    GameHouse Games Collection: GameHouse Sudoku
    GameHouse Games Collection: Gearz
    GameHouse Games Collection: Granny in Paradise
    GameHouse Games Collection: Gutterball
    GameHouse Games Collection: Gutterball 2
    GameHouse Games Collection: Hamsterball
    GameHouse Games Collection: Hello!
    GameHouse Games Collection: Holiday Express
    GameHouse Games Collection: Iggle Pop!
    GameHouse Games Collection: Incadia
    GameHouse Games Collection: Incredible Ink
    GameHouse Games Collection: Insaniquarium Deluxe
    GameHouse Games Collection: Inspector Parker
    GameHouse Games Collection: Invadazoid
    GameHouse Games Collection: Jewel Quest
    GameHouse Games Collection: Lemonade Tycoon
    GameHouse Games Collection: Luxor
    GameHouse Games Collection: Mad Caps
    GameHouse Games Collection: Magic Ball
    GameHouse Games Collection: Magic Ball 2
    GameHouse Games Collection: Magic Ball 2 - New Worlds
    GameHouse Games Collection: Magic Inlay
    GameHouse Games Collection: Magic Vines
    GameHouse Games Collection: Mah Jong Adventures
    GameHouse Games Collection: Mah Jong Medley
    GameHouse Games Collection: Mah Jong Quest
    GameHouse Games Collection: Mahjong Garden To Go
    GameHouse Games Collection: Mahjong Towers Eternity
    GameHouse Games Collection: Maui Wowee
    GameHouse Games Collection: Phlinx To Go
    GameHouse Games Collection: Pin High Country Club Golf
    GameHouse Games Collection: Pizza Frenzy
    GameHouse Games Collection: Platypus
    GameHouse Games Collection: Poker Superstars
    GameHouse Games Collection: Puzzle Express
    GameHouse Games Collection: Puzzle Inlay
    GameHouse Games Collection: Puzzle Solitaire
    GameHouse Games Collection: QBz
    GameHouse Games Collection: Reader's Digest Super Word Power
    GameHouse Games Collection: Ricochet
    GameHouse Games Collection: Ricochet Lost Worlds
    GameHouse Games Collection: Ricochet Lost Worlds - Recharged
    GameHouse Games Collection: Roller Rush
    GameHouse Games Collection: Saints & Sinners Bingo
    GameHouse Games Collection: SCRABBLE
    GameHouse Games Collection: Shape Shifter
    GameHouse Games Collection: Slingo Deluxe
    GameHouse Games Collection: Spelvin
    GameHouse Games Collection: Splash
    GameHouse Games Collection: Spring Sprang Sprung
    GameHouse Games Collection: Super 5-Line Slots
    GameHouse Games Collection: Super Blackjack!
    GameHouse Games Collection: Super Bounce Out!
    GameHouse Games Collection: Super Candy Cruncher
    GameHouse Games Collection: Super Collapse!
    GameHouse Games Collection: Super Collapse! II
    GameHouse Games Collection: Super Collapse! II Platinum
    GameHouse Games Collection: Super Fruit Frolic
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
    GameHouse Games Collection: Super Gem Drop
    GameHouse Games Collection: Super Glinx!
    GameHouse Games Collection: Super Letter Linker
    GameHouse Games Collection: Super Mah Jong Solitaire
    GameHouse Games Collection: Super Nisqually
    GameHouse Games Collection: Super PileUp!
    GameHouse Games Collection: Super Pool
    GameHouse Games Collection: Super Pop & Drop!
    GameHouse Games Collection: Super Rumble Cube
    GameHouse Games Collection: Super SpongeBob Collapse!
    GameHouse Games Collection: Super TextTwist
    GameHouse Games Collection: Super WHATword
    GameHouse Games Collection: Super Wild Wild Words
    GameHouse Games Collection: Tap a Jam
    GameHouse Games Collection: Ten Pin Championship Bowling Pro
    GameHouse Games Collection: Tennis Titans
    GameHouse Games Collection: Tradewinds 2
    GameHouse Games Collection: Trivia Machine
    GameHouse Games Collection: Tropical Swaps
    GameHouse Games Collection: Tumblebugs
    GameHouse Games Collection: Turtle Bay
    GameHouse Games Collection: Twistingo
    GameHouse Games Collection: Ultimate Dominoes
    GameHouse Games Collection: Varmintz Deluxe
    GameHouse Games Collection: Walls of Jericho, The
    GameHouse Games Collection: Wheel of Fortune
    GameHouse Games Collection: Word Jolt
    GameHouse Games Collection: Word Slinger
    GameHouse Games Collection: WordJong To Go
    GameHouse Games Collection: Zuma Deluxe
    Google Desktop
    Google Earth
    Google Update Helper
    Guitar Pro 5.2
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    imeem Uploader
    iTunes
    Japanese Fonts Support For Adobe Reader 9
    Java(TM) 6 Update 15
    Joint Operations: Typhoon Rising
    JumpStart 2nd Grade v1.2
    JumpStart Advanced Kindergarten
    JumpStart Advanced Language Club
    JumpStart First Grade v2.4
    JustStyle CSS Editor 1.3.3
    McAfee Agent
    McAfee AntiSpyware Enterprise Module
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office 2003 Web Components
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Sync Framework Runtime v1.0 (x86)
    Microsoft Sync Framework Services v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual Studio 2005 Tools for Applications - ENU
    Monopoly by Parker Brothers
    Mozilla Firefox (3.5.3)
    Mp3tag v2.44
    MSVC80_x86
    MSXML 4.0 SP2 (KB954430)
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia Software Updater
    Nuance PDF Professional 5
    NVIDIA Drivers
    NVIDIA PhysX
    ObjectDock Plus
    Orbit Downloader
    PBP Unpacker v0.94
    PC Connectivity Solution
    PhotoView 360
    QuickSolutions
    QuickTime
    Realtek High Definition Audio Driver
    Scansoft PDF Professional
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Skype™ 3.8
    SolidWorks 2009 SP0
    SolidWorks eDrawings 2009
    SolidWorks Explorer 2009 sp0
    SolidWorks Motion 2009 SP0
    SolidWorks Simulation 2009 SP0
    SolidWorks viewer
    Spybot - Search & Destroy
    SyncToy 2.0 (x86)
    TuneUp Utilities 2009
    Unlocker 1.8.7
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.762
    VLC media player 0.9.8a
    VoiceOver Kit
    WebFldrs XP
    Windows Defender
    Windows Desktop Search 3.01
    Windows Driver Package - Nokia Modem (10/27/2008 3.9)
    Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    9/17/2009 3:04:34 AM, error: Service Control Manager [7034] - The Remote Procedure Call (HGM) service terminated unexpectedly. It has done this 5 time(s).
    9/17/2009 2:37:09 AM, error: Service Control Manager [7034] - The Remote Procedure Call (HGM) service terminated unexpectedly. It has done this 4 time(s).
    9/16/2009 7:53:12 PM, error: Service Control Manager [7034] - The Remote Procedure Call (HGM) service terminated unexpectedly. It has done this 3 time(s).
    9/16/2009 7:14:02 PM, error: Service Control Manager [7031] - The Remote Procedure Call (HGM) service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/14/2009 7:24:19 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    9/14/2009 7:17:34 PM, error: nvgts [9] - The device, \Device\Scsi\nvgts1, did not respond within the timeout period.
    9/12/2009 10:21:01 AM, error: Service Control Manager [7034] - The Remote Procedure Call (HGM) service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
  5. 2009/09/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right-click on HijackThis and click Run as Administrator.
    Do NOT attempt to "fix" anything!

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2009/09/20
    musikeros

    musikeros Inactive Thread Starter

    Joined:
    2009/09/16
    Messages:
    13
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.41
    Database version: 2814
    Windows 5.1.2600 Service Pack 3

    9/18/2009 6:13:52 AM
    mbam-log-2009-09-18 (06-13-52).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 372486
    Time elapsed: 1 hour(s), 33 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rpchgm (Trojan.Keylogger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\rpchgm (Trojan.Keylogger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rpchgm (Trojan.Keylogger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_RPCHGM (Trojan.Keylogger) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    D:\PC Satellite TV\PC Satellite TV.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Program Files\NetMeeting\secedit.exe (Trojan.Keylogger) -> Delete on reboot.
     
  7. 2009/09/20
    musikeros

    musikeros Inactive Thread Starter

    Joined:
    2009/09/16
    Messages:
    13
    Likes Received:
    0
    GMER 1.0.15.15087 - http://www.gmer.net
    Rootkit scan 2009-09-19 01:56:07
    Windows 5.1.2600 Service Pack 3
    Running: qkjmtwbu.exe; Driver: C:\DOCUME~1\METALM~1\LOCALS~1\Temp\kgtdypow.sys

    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xB9D541C8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9D54086]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9D54020]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9D54034]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9D5409A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9D540C6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB9D54134]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB9D5411E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB9D5414A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9D54208]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB9D54176]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9D54072]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9D53FE4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9D53FF8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB9D541DC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB9D541B2]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB9D54108]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB9D540F2]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9D540B0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB9D5419E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB9D5418A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9D5405E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9D5404A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9D540DC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9D54237]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB9D54160]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9D5421E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9D541F2]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B9D541F6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B9D541CC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP B9D5420C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP B9D54222 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP B9D541E0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805CB408 5 Bytes JMP B9D53FE8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805CB694 5 Bytes JMP B9D53FFC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE52 5 Bytes JMP B9D5404E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP B9D54038 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP B9D54024 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetContextThread 805D1702 5 Bytes JMP B9D54062 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP B9D5423B mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryValueKey 806219E8 7 Bytes JMP B9D540F6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetValueKey 80621D36 7 Bytes JMP B9D540E0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnloadKey 80622060 7 Bytes JMP B9D54164 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806228FE 7 Bytes JMP B9D5410C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 806231D2 7 Bytes JMP B9D540B4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateKey 806237B0 5 Bytes JMP B9D5408A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 80623C40 7 Bytes JMP B9D5409E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E10 7 Bytes JMP B9D540CA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 7 Bytes JMP B9D54138 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425A 7 Bytes JMP B9D54122 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 80624B82 5 Bytes JMP B9D54076 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryKey 80624EA8 7 Bytes JMP B9D541B6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRestoreKey 80625168 5 Bytes JMP B9D5418E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwLoadKey2 806255B8 7 Bytes JMP B9D5414E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwReplaceKey 8062585C 5 Bytes JMP B9D541A2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625976 1 Byte [E9]
    PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625976 5 Bytes JMP B9D5417A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F9C
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0091
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0FC3
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0FD4
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B005B
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F70
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F8B
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00D3
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F44
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B00E4
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B006C
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0000
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B00B6
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0040
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B001B
    .text C:\WINDOWS\system32\wuauclt.exe[376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F55
    .text C:\WINDOWS\system32\wuauclt.exe[376] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A003F
    .text C:\WINDOWS\system32\wuauclt.exe[376] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A002E
    .text C:\WINDOWS\system32\wuauclt.exe[376] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FC8
    .text C:\WINDOWS\system32\wuauclt.exe[376] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
    .text C:\WINDOWS\system32\wuauclt.exe[376] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A001D
    .text C:\WINDOWS\system32\wuauclt.exe[376] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0FE3
    .text C:\WINDOWS\system32\wuauclt.exe[376] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B0FB2
    .text C:\WINDOWS\system32\wuauclt.exe[376] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0039
    .text C:\WINDOWS\system32\wuauclt.exe[376] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FCD
    .text C:\WINDOWS\system32\wuauclt.exe[376] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0FDE
    .text C:\WINDOWS\system32\wuauclt.exe[376] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0F72
    .text C:\WINDOWS\system32\wuauclt.exe[376] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FEF
    .text C:\WINDOWS\system32\wuauclt.exe[376] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002B0014
    .text C:\WINDOWS\system32\wuauclt.exe[376] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0F97
    .text C:\WINDOWS\system32\wuauclt.exe[376] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003B0000
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01400000
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 014000A4
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01400FA5
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0140007F
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01400FC0
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01400047
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 014000DC
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01400F94
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01400F5E
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014000F7
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01400112
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01400062
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0140001B
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 014000BF
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01400FDB
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01400036
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01400F79
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 013F0FB9
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 013F0F6B
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 013F000A
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 013F0FCA
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 013F0F7C
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 013F0FE5
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 013F0F8D
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [5F, 89]
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 013F0F9E
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 013E005A
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] msvcrt.dll!system 77C293C7 5 Bytes JMP 013E003F
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 013E001D
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] msvcrt.dll!_open 77C2F566 5 Bytes JMP 013E0000
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 013E002E
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 013E0FE3
    .text D:\McAfee\Common Framework\FrameworkService.exe[800] WS2_32.dll!socket 71AB4211 5 Bytes JMP 013D0000
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01020FEF
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0102004E
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0102003D
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01020F6F
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01020F80
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0102001B
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01020081
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01020070
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01020F03
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0102009C
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01020EE8
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0102002C
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01020FD4
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0102005F
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0102000A
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01020FB9
    .text C:\WINDOWS\system32\services.exe[824] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01020F1E
    .text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E3004A
    .text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E30FD4
    .text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E3002F
    .text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E3000A
    .text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E30087
    .text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E30FEF
    .text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E30076
    .text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E3005B
    .text C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E20F9C
    .text C:\WINDOWS\system32\services.exe[824] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E20027
    .text C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E20FC1
    .text C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E20FEF
    .text C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E20016
    .text C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E20FD2
    .text C:\WINDOWS\system32\services.exe[824] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E10000
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CF000A
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CF0F92
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CF0FA3
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CF007D
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CF0FCA
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CF0051
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CF0F70
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CF0F81
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CF0F4B
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CF00E4
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CF0F30
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CF006C
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CF001B
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CF00A2
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CF0FE5
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CF002C
    .text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CF00D3
    .text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CE0022
    .text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CE004E
    .text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CE0011
    .text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CE0000
    .text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CE003D
    .text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CE0FEF
    .text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CE0FA5
    .text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EE, 88]
    .text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CE0FB6
    .text C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10070
    .text C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C10055
    .text C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C10029
    .text C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C1000C
    .text C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C10044
    .text C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C10FEF
    .text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C0000A
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0000
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF0080
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0F8B
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0065
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF0FA8
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF0FB9
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF00B6
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF0F70
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF00FD
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF00E2
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0F49
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF004A
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF001B
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF009B
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF0FCA
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF0FDB
    .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF00C7
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FE0FD4
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FE0FA1
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FE0FE5
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FE001B
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FE0054
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FE000A
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FE0FB2
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1E, 89]
    .text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FE0FC3
    .text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F70F92
    .text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F70FAD
    .text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F70FD9
    .text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F7000C
    .text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F70FBE
    .text C:\WINDOWS\system32\svchost.exe[1012] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F7001D
    .text C:\WINDOWS\system32\svchost.exe[1012] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F60FEF
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D70000
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D70FB4
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D700B3
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D70FDB
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D70098
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D7006C
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D70F8D
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D700D5
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D70101
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D700F0
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D70F4D
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D70087
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D7001B
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D700C4
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D70047
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D70036
    .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D70F72
    .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D6002C
    .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D60F9E
    .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D60FDB
    .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D60011
    .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D60051
    .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D60000
    .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D60FAF
    .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F6, 88]
    .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D60FCA
    .text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D50062
    .text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D50047
    .text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D5002C
    .text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D50000
    .text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D50FD7
    .text C:\WINDOWS\system32\svchost.exe[1076] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D50011
    .text C:\WINDOWS\system32\svchost.exe[1076] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D40000
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 05B0000A
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 05B00F8A
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 05B00FA5
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 05B0007F
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 05B00062
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 05B00047
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 05B0009A
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 05B00F5E
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 05B000BC
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 05B00F2D
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 05B000CD
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 05B00FCA
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 05B0001B
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 05B00F79
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 05B00036
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 05B00FE5
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 05B000AB
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 05AF0FD4
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 05AF0F8D
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 05AF0FE5
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 05AF001B
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 05AF0FA8
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 05AF0000
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 05AF004A
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 05AF0FB9
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 055D0F9C
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!system 77C293C7 5 Bytes JMP 055D0027
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 055D000C
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_open 77C2F566 5 Bytes JMP 055D0FE3
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 055D0FB7
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 055D0FD2
    .text C:\WINDOWS\System32\svchost.exe[1220] WS2_32.dll!socket 71AB4211 5 Bytes JMP 055C0FEF
    .text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 055B0FEF
    .text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 055B000A
    .text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 055B001B
    .text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 055B0FC0
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00390FE5
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0039007D
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00390F7E
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00390F9B
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00390058
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0039003D
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00390F52
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00390F63
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00390F41
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003900D0
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003900F5
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00390FB6
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00390000
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0039008E
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0039002C
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0039001B
    .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003900B5
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00380047
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00380098
     
  8. 2009/09/20
    musikeros

    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0038002C
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0038001B
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00380087
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00380000
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00380FDB
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [58, 88]
    .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00380062
    .text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370F8B
    .text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370F9C
    .text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00370FD2
    .text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370000
    .text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370FB7
    .text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370FE3
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008A0FEF
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008A0078
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008A0F79
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008A0F8A
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008A0047
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008A0FAF
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008A00A6
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008A0095
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008A00C1
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008A0F28
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008A0F0D
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008A0036
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008A0FCA
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008A0F5E
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008A0011
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008A0000
    .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008A0F43
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00890FCA
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00890FAF
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00890FDB
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00890011
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0089006C
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00890000
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00890047
    .text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00890036
    .text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0088001B
    .text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!system 77C293C7 5 Bytes JMP 00880F90
    .text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00880000
    .text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00880FEF
    .text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00880FA1
    .text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00880FC6
    .text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00820FEF
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD000A
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD00B0
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD0095
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0FC7
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD007A
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0058
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD00E8
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD0F96
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD012F
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD011E
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CD0140
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CD0069
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CD001B
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CD00C1
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CD003D
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CD002C
    .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CD00F9
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0082001E
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00820F90
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00820FCD
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00820FDE
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00820043
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00820FEF
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00820FA1
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A2, 88]
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00820FB2
    .text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0081003A
    .text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!system 77C293C7 5 Bytes JMP 00810FB9
    .text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00810FD4
    .text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0081000C
    .text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00810029
    .text C:\WINDOWS\system32\svchost.exe[1400] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00810FEF
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00810000
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0081006C
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00810F77
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00810051
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00810F9E
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00810036
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00810098
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00810087
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008100C7
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00810F24
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00810F13
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00810FAF
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00810011
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00810F5C
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00810FCA
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00810FDB
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00810F35
    .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0080001B
    .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00800F6F
    .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00800FD4
    .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00800FE5
    .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00800F8A
    .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00800000
    .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0080002C
    .text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00800FAF
    .text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007F0FA6
    .text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!system 77C293C7 5 Bytes JMP 007F0031
    .text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007F000C
    .text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007F0FE3
    .text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007F0FC1
    .text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007F0FD2
    .text C:\WINDOWS\system32\svchost.exe[1452] WS2_32.dll!socket 71AB4211 5 Bytes JMP 007E000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[1724] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 01121B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90000
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E9006E
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E90053
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E90F79
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E90F8A
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E90FC0
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E90F39
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E90F54
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90F06
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E90F17
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E90EE1
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E90FAF
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E9001B
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E9007F
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E90036
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E90FEF
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E90F28
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E80040
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E800A2
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E80FE5
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E8001B
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E80087
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E8000A
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E8006C
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E8005B
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E70075
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E7005A
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E7002E
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E70000
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E7003F
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E70011
    .text D:\McAfee\Common Framework\naPrdMgr.exe[1940] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E60FE5
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FE5
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F5E
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A005D
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0F83
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F94
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FAF
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0090
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A007F
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00D0
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00B5
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A00EB
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0036
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FD4
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A006E
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A001B
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A000A
    .text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F37
    .text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FA8
    .text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0029004A
    .text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FC3
    .text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FD4
    .text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F97
    .text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FE5
    .text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00290039
    .text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0029001E
    .text C:\WINDOWS\Explorer.EXE[3312] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0F90
    .text C:\WINDOWS\Explorer.EXE[3312] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FAB
    .text C:\WINDOWS\Explorer.EXE[3312] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FD7
    .text C:\WINDOWS\Explorer.EXE[3312] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
    .text C:\WINDOWS\Explorer.EXE[3312] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FBC
    .text C:\WINDOWS\Explorer.EXE[3312] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A0011
    .text C:\WINDOWS\Explorer.EXE[3312] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 002C0000
    .text C:\WINDOWS\Explorer.EXE[3312] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 002C0011
    .text C:\WINDOWS\Explorer.EXE[3312] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 002C0022
    .text C:\WINDOWS\Explorer.EXE[3312] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 002C0033
    .text C:\WINDOWS\Explorer.EXE[3312] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 02D11102 D:\Unlocker\UnlockerHook.dll
    .text C:\WINDOWS\Explorer.EXE[3312] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01670000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs eLock2FSCTLDriver.sys (eLock2FSCTLDriver Filter Driver/Windows (R) 2000 DDK provider)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
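A note on reading the user-mode section of this GMER log, with an added example that is not part of the original thread or of GMER itself. Every `.text` line records an exported function whose first bytes were overwritten with a JMP. The few lines that end in a module path and vendor (the mssrch.dll and UnlockerHook.dll entries) are hooks GMER could map back to a file on disk; the many that end in nothing but a low JMP target (00380047, 008A0FEF, ...) point into private memory that GMER could not attribute. Two features matter for triage: the same API set (file and process creation, LoadLibrary, VirtualProtect, registry open/create, msvcrt `system`/`_open`, `socket`) is hooked identically in every svchost, in naPrdMgr and in Explorer, and within one process each hooked DLL's trampolines sit in their own 64 KiB region. That is what one system-wide hooking product looks like rather than a per-process implant; on a machine running McAfee VirusScan Enterprise its buffer-overflow protection is the usual producer of exactly this pattern, though that is an inference, not something the log proves. The script below (added here; the line grammar is inferred from the log above and the sample lines are copied from it) parses the section, counts unattributed hooks per process and shows where their trampolines live:

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER "User code sections" output above.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00380FDB
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [58, 88]
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008A0FEF
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008A0F79
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008A00C1
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00890FCA
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!system 77C293C7 5 Bytes JMP 00880F90
.text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00820FEF
.text C:\WINDOWS\system32\SearchIndexer.exe[1724] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 01121B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
.text D:\McAfee\Common Framework\naPrdMgr.exe[1940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E90F28
.text C:\WINDOWS\Explorer.EXE[3312] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 02D11102 D:\Unlocker\UnlockerHook.dll
.text C:\WINDOWS\Explorer.EXE[3312] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01670000
---- EOF - GMER 1.0.15 ----
"""

# Line grammar inferred from the log above (an added illustration, not GMER's own code):
#   .text <process>[<pid>] <dll>!<export>[ + <off>] <addr> <n> Bytes (JMP <target> | [<bytes>]) [<owner> (<info>)]
_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})|\[(?P<raw>[0-9A-Fa-f ,]+)\])"
    r"(?:\s+(?P<owner>\S.*?))?\s*$"
)


def parse_hook(line):
    """Parse one user-mode hook line; return None for anything else."""
    m = _HOOK_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "process": d["proc"],
        "pid": int(d["pid"]),
        "api": f'{d["module"]}!{d["func"]}',
        "offset": int(d["offset"] or 0),   # "+ 3": continuation of a patch GMER split in two
        "addr": int(d["addr"], 16),
        "nbytes": int(d["nbytes"]),
        "target": int(d["target"], 16) if d["target"] else None,
        "raw": d["raw"],                     # patched bytes when GMER shows no JMP
        "owner": d["owner"],                 # module GMER mapped the target to, if any
    }


def parse_log(text):
    return [h for h in (parse_hook(ln) for ln in text.splitlines()) if h]


def unattributed(hooks):
    """JMP hooks whose destination GMER could not map to a module on disk."""
    return [h for h in hooks if h["target"] is not None and h["owner"] is None]


def trampoline_regions(hooks):
    """Per process, the 64 KiB regions the JMP targets fall in, keyed by hooked DLL.

    One region per hooked DLL, repeated across processes, is the shape of a single
    system-wide hooking product; a lone process whose hooks land somewhere odd is
    what deserves the closer look.
    """
    regions = defaultdict(lambda: defaultdict(set))
    for h in hooks:
        if h["target"] is None:
            continue
        dll = h["api"].split("!")[0].lower()
        regions[(h["process"], h["pid"])][dll].add(h["target"] & 0xFFFF0000)
    return regions


def report(hooks):
    """One row per process: (process, pid, hooks, unattributed, sorted hooked DLLs)."""
    rows = {}
    for h in hooks:
        row = rows.setdefault((h["process"], h["pid"]),
                              {"hooks": 0, "unattributed": 0, "dlls": set()})
        row["hooks"] += 1
        if h["target"] is not None and h["owner"] is None:
            row["unattributed"] += 1
        row["dlls"].add(h["api"].split("!")[0].lower())
    return [(p, pid, r["hooks"], r["unattributed"], sorted(r["dlls"]))
            for (p, pid), r in sorted(rows.items())]


if __name__ == "__main__":
    hooks = parse_log(SAMPLE_LOG)
    for process, pid, total, unmapped, dlls in report(hooks):
        print(f"{process}[{pid}]: {total} hooks, {unmapped} unattributed, DLLs: {', '.join(dlls)}")
    for key, per_dll in trampoline_regions(hooks).items():
        print(key, {dll: [f"{r:08X}" for r in sorted(rs)] for dll, rs in per_dll.items()})
```

Run it against the whole GMER section rather than the sample and the interesting rows are the ones that break the pattern: a process hooking an API nobody else hooks, or a trampoline region that does not recur elsewhere. An unattributed hook on its own is not evidence of anything; the distribution is.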
     
  9. 2009/09/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm still waiting for two other logs....
     
  10. 2009/09/22
    musikeros

    musikeros Inactive Thread Starter

    Joined:
    2009/09/16
    Messages:
    13
    Likes Received:
    0
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/17/2009 at 09:34 PM

    Application Version : 4.28.1010

    Core Rules Database Version : 4085
    Trace Rules Database Version: 0

    Scan type : Complete Scan
    Total Scan Time : 01:30:57

    Memory items scanned : 246
    Memory threats detected : 0
    Registry items scanned : 6725
    Registry threats detected : 0
    File items scanned : 245698
    File threats detected : 0



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:01:36 AM, on 9/19/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    D:\Acer\Empowering Technology\eLock\LockServ.exe
    D:\McAfee\VirusScan Enterprise\EngineServer.exe
    D:\McAfee\Common Framework\FrameworkService.exe
    D:\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    D:\Nuance\PDF Professional 5\PDFProFiltSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    D:\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\RTHDCPL.EXE
    D:\McAfee\Common Framework\udaterui.exe
    D:\Unlocker\UnlockerAssistant.exe
    D:\Nuance\PDF Professional 5\pdfpro5hook.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    D:\McAfee\Common Framework\McTray.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
    D:\Java\jre6\bin\jusched.exe
    D:\iTunes\iTunesHelper.exe
    D:\Windows Defender\MSASCui.exe
    D:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
    D:\BitTorrent\bittorrent.exe
    D:\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\CleanMyPC\Registry Cleaner\RCHelper.exe
    D:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    D:\Solidworks 2009\SolidWorks\swScheduler\swBOEngine.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    D:\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    D:\Trend Micro\HijackThis\HijackThis.exe
    C:\DOCUME~1\METALM~1\LOCALS~1\Temp\SolidWorksLicTemp.0001
    C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    C:\WINDOWS\system32\notepad.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\McAfee\VirusScan Enterprise\scriptsn.dll
    O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "D:\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Unlocker\UnlockerAssistant.exe "
    O4 - HKLM\..\Run: [PDFHook] D:\Nuance\PDF Professional 5\pdfpro5hook.exe
    O4 - HKLM\..\Run: [PDF5 Registry Controller] D:\Nuance\PDF Professional 5\RegistryController.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eLockMonitor] D:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
    O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Windows Defender] "D:\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [BitTorrent] "D:\BitTorrent\bittorrent.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "d:\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SolidWorks Task Scheduler Engine.lnk = D:\Solidworks 2009\SolidWorks\swScheduler\swBOEngine.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Download by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Append the content of the link to existing PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    O8 - Extra context menu item: Append to existing PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Create PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF file from the content of the link - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF files from the selected links - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - res://D:\Nuance\PDF Professional 5\cnvres_eng.dll /100
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - D:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - D:\Solidworks 2009\SolidWorks\swScheduler\DTSCoordinatorService.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Java\jre6\bin\jqs.exe
    O23 - Service: LockServ - Unknown owner - D:\Acer\Empowering Technology\eLock\LockServ.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - D:\McAfee\VirusScan Enterprise\EngineServer.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - D:\Nuance\PDF Professional 5\PDFProFiltSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

    --
    End of file - 13478 bytes
     
  11. 2009/09/22
    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2009/09/26
    musikeros Inactive Thread Starter

    ComboFix 09-09-25.01 - Metal Monkey 09/26/2009 15:32.1.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1234 [GMT 8:00]
    Running from: c:\documents and settings\Metal Monkey\Desktop\ComboFix.exe
    AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\METALM~1\LOCALS~1\Temp\SolidWorksLicTemp.0001.dir.0000\~deb294.tmp
    c:\docume~1\METALM~1\LOCALS~1\Temp\SolidWorksLicTemp.0001.dir.0000\~df394b.tmp
    c:\documents and settings\Metal Monkey\Application Data\Desktopicon
    c:\documents and settings\Metal Monkey\Application Data\Desktopicon\eBayShortcuts.exe
    c:\documents and settings\Metal Monkey\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0000\~deb294.tmp
    c:\documents and settings\Metal Monkey\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0000\~df394b.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
    .

    2009-09-25 23:13 . 2009-09-25 23:13 -------- d-----w- c:\windows\File & Folder List Maker
    2009-09-23 13:14 . 2008-04-17 05:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-09-23 13:13 . 2009-09-23 13:13 -------- d-----w- c:\program files\iPod
    2009-09-23 11:16 . 2009-09-23 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
    2009-09-22 13:13 . 2009-09-22 13:13 -------- d-----w- c:\program files\NVIDIA Corporation
    2009-09-22 13:13 . 2009-09-22 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2009-09-22 12:53 . 2009-09-22 12:59 -------- d-----w- c:\program files\SystemRequirementsLab
    2009-09-22 12:52 . 2009-09-22 12:53 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\SystemRequirementsLab
    2009-09-17 11:49 . 2009-09-17 11:49 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\Malwarebytes
    2009-09-17 11:49 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-17 11:49 . 2009-09-17 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-17 11:49 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-17 11:13 . 2009-09-17 11:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-09-17 11:05 . 2009-09-17 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-09-17 11:05 . 2009-09-23 13:10 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\SUPERAntiSpyware.com
    2009-09-15 22:13 . 2009-09-15 22:13 -------- d-----w- c:\documents and settings\Metal Monkey\.juststyle
    2009-09-15 13:37 . 2009-09-15 13:39 -------- d-----w- c:\windows\system32\NtmsData
    2009-09-15 13:32 . 2007-09-11 06:09 364544 ----a-w- c:\windows\system32\drivers\nvraidco.dll
    2009-09-15 13:32 . 2007-09-11 06:09 353280 ----a-w- c:\windows\system32\drivers\idecoi.dll
    2009-09-13 00:22 . 2009-09-13 00:22 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
    2009-09-13 00:22 . 2009-09-13 00:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-09-12 04:33 . 2009-09-12 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-12 04:31 . 2009-09-12 04:32 -------- d-----w- c:\program files\QuickTime
    2009-09-10 15:24 . 2009-09-10 15:24 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-08-29 11:11 . 2009-08-29 11:11 -------- d-----w- c:\windows\Sun
    2009-08-29 11:09 . 2009-08-29 11:09 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-29 04:10 . 2009-09-13 05:21 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\SolidWorks 2009
    2009-08-29 04:02 . 2009-08-29 04:02 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\EDrawings
    2009-08-29 04:02 . 2009-08-29 04:02 -------- d-----w- c:\documents and settings\Metal Monkey\Local Settings\Application Data\DassaultSystemes
    2009-08-29 04:02 . 2009-08-29 04:02 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\DassaultSystemes
    2009-08-29 04:02 . 2009-08-29 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DassaultSystemes
    2009-08-29 03:44 . 2009-08-29 03:44 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\Luxology
    2009-08-29 03:40 . 2009-09-13 04:31 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\SolidWorks
    2009-08-29 03:04 . 2009-08-29 03:21 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
    2009-08-29 03:04 . 2009-08-29 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SolidWorks
    2009-08-29 03:03 . 2009-08-29 03:03 -------- d-----w- c:\documents and settings\Metal Monkey\Local Settings\Application Data\Identities
    2009-08-29 03:03 . 2009-08-29 03:03 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\Windows Desktop Search
    2009-08-29 03:03 . 2009-08-29 03:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2009-08-29 03:03 . 2009-08-29 03:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-08-29 03:02 . 2009-08-29 03:02 -------- d-----w- c:\program files\Windows Desktop Search
    2009-08-29 03:02 . 2009-08-29 03:02 -------- d-----w- c:\program files\MSECache
    2009-08-29 02:59 . 2009-08-29 02:59 -------- d-----w- c:\program files\Common Files\SolidWorks Installation Manager
    2009-08-29 02:58 . 2009-08-29 03:01 -------- d-----w- c:\windows\SolidWorks
    2009-08-29 02:58 . 2009-09-26 07:38 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\IM

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-26 07:27 . 2009-05-03 04:49 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\BitTorrent
    2009-09-26 06:07 . 2009-05-03 05:07 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\Skype
    2009-09-26 02:04 . 2009-06-20 00:44 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\skypePM
    2009-09-26 01:02 . 2009-07-04 10:07 -------- d-----w- c:\program files\Common Files\Knowledge Adventure
    2009-09-23 13:13 . 2009-05-03 07:24 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-23 13:10 . 2009-05-03 04:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-09-22 13:51 . 2009-05-03 06:38 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-09-20 02:55 . 2009-06-14 12:18 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\dvdcss
    2009-09-19 07:36 . 2009-05-03 03:28 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-17 11:13 . 2009-09-17 11:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2009-09-12 12:21 . 2009-05-03 07:26 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\Apple Computer
    2009-09-05 05:47 . 2009-07-29 22:34 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\Orbit
    2009-09-02 01:01 . 2009-06-16 12:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-08-30 05:57 . 2009-05-03 05:01 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\Mp3tag
    2009-08-29 03:38 . 2009-05-03 04:20 82552 -c--a-w- c:\documents and settings\Metal Monkey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-29 03:04 . 2009-05-03 04:37 -------- d-----w- c:\program files\AGEIA Technologies
    2009-08-29 03:02 . 2009-05-03 03:28 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-08-29 03:02 . 2009-05-03 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-08-28 11:42 . 2009-06-14 13:11 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-28 11:42 . 2009-06-14 13:11 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-22 23:57 . 2009-08-22 23:56 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\GetRightToGo
    2009-08-21 12:03 . 2009-05-03 06:08 -------- d-----w- c:\program files\MSBuild
    2009-08-21 12:03 . 2009-08-21 12:03 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-16 19:04 . 2009-08-16 19:04 2173472 ----a-w- c:\windows\system32\nvcplui.exe
    2009-08-16 19:04 . 2009-08-16 19:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2009-08-16 19:03 . 2009-08-16 19:03 3170304 ----a-w- c:\windows\system32\nvwss.dll
    2009-08-16 19:03 . 2009-08-16 19:03 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
    2009-08-16 19:03 . 2009-08-16 19:03 188416 ----a-w- c:\windows\system32\nvmccss.dll
    2009-08-16 19:03 . 2009-08-16 19:03 1286144 ----a-w- c:\windows\system32\nvmobls.dll
    2009-08-16 19:03 . 2009-08-16 19:03 3547136 ----a-w- c:\windows\system32\nvgames.dll
    2009-08-16 19:03 . 2009-08-16 19:03 4923392 ----a-w- c:\windows\system32\nvdisps.dll
    2009-08-16 19:03 . 2009-08-16 19:03 86016 ----a-w- c:\windows\system32\nvmctray.dll
    2009-08-16 19:03 . 2009-08-16 19:03 168004 ----a-w- c:\windows\system32\nvsvc32.exe
    2009-08-16 19:03 . 2009-08-16 19:03 143360 ----a-w- c:\windows\system32\nvcolor.exe
    2009-08-16 19:03 . 2009-08-16 19:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll
    2009-08-16 19:02 . 2009-08-16 19:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
    2009-08-16 16:57 . 2009-08-16 16:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-08-16 16:57 . 2009-08-16 16:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-08-16 16:57 . 2009-08-16 16:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
    2009-08-16 16:57 . 2009-05-03 04:37 485920 ----a-w- c:\windows\system32\nvudisp.exe
    2009-08-16 16:57 . 2009-05-03 03:59 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
    2009-08-16 16:57 . 2009-05-03 03:57 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2009-08-16 16:57 . 2009-01-15 00:19 868352 ----a-w- c:\windows\system32\nvapi.dll
    2009-08-16 16:57 . 2009-01-15 00:19 2002944 ----a-w- c:\windows\system32\nvcuda.dll
    2009-08-16 16:57 . 2009-01-15 00:19 155648 ----a-w- c:\windows\system32\nvcodins.dll
    2009-08-16 16:57 . 2009-01-15 00:19 155648 ----a-w- c:\windows\system32\nvcod.dll
    2009-08-16 16:57 . 2009-01-15 00:19 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
    2009-08-15 23:19 . 2009-08-15 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\EarMaster
    2009-08-15 08:52 . 2009-05-05 12:29 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\Wildfire
    2009-08-13 11:40 . 2009-08-13 11:40 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\fltk.org
    2009-08-11 04:35 . 2009-05-03 03:26 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-08-06 23:12 . 2009-08-06 23:12 -------- d-----w- c:\program files\MSXML 4.0
    2009-08-05 12:36 . 2009-08-05 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Screentime
    2009-08-05 12:10 . 2009-08-05 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
    2009-08-05 12:08 . 2009-08-05 12:05 -------- d-----w- c:\program files\Nokia
    2009-08-05 12:05 . 2009-07-07 22:34 -------- d-----w- c:\program files\Common Files\Nokia
    2009-08-05 12:05 . 2009-05-03 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2009-08-05 11:54 . 2009-07-07 22:36 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\Nokia
    2009-08-05 09:01 . 2004-08-03 13:56 204800 ------w- c:\windows\system32\mswebdvd.dll
    2009-08-02 02:01 . 2009-08-01 22:12 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\DivX
    2009-07-29 22:34 . 2009-07-29 22:34 -------- d-----w- c:\documents and settings\Metal Monkey\Application Data\GrabPro
    2009-07-27 02:43 . 2009-07-27 02:43 58908 ----a-w- c:\windows\system32\drivers\scdemu.sys
    2009-07-17 19:01 . 2004-08-03 13:56 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 15:43 . 2004-08-03 13:56 286208 ------w- c:\windows\system32\wmpdxm.dll
    2009-07-08 11:33 . 2001-08-18 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
    2009-07-05 00:39 . 2009-07-05 00:39 135 ----a-w- c:\documents and settings\Metal Monkey\Local Settings\Application Data\fusioncache.dat
    2009-07-03 17:09 . 2004-08-03 13:56 915456 ----a-w- c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="d:\bittorrent\bittorrent.exe" [2009-08-13 653104]
    "SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-09-11 187936]
    "McAfeeUpdaterUI"="d:\mcafee\Common Framework\udaterui.exe" [2008-03-13 136512]
    "ShStatEXE"="d:\mcafee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
    "UnlockerAssistant"="d:\unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "PDFHook"="d:\nuance\PDF Professional 5\pdfpro5hook.exe" [2008-03-15 1626112]
    "PDF5 Registry Controller"="d:\nuance\PDF Professional 5\RegistryController.exe" [2008-02-01 58656]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-06-14 30192]
    "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2008-01-22 49152]
    "eLockMonitor"="d:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 16384]
    "SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-09-15 7218472]
    "SunJavaUpdateSched"="d:\java\jre6\bin\jusched.exe" [2009-08-29 149280]
    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143360]
    "Windows Defender"="d:\windows defender\MSASCui.exe" [2006-11-03 866584]
    "Malwarebytes Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2009-09-10 1312080]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-16 13877248]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-16 86016]
    "iTunesHelper"="d:\itunes\iTunesHelper.exe" [2009-09-21 305440]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

    c:\documents and settings\Metal Monkey\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    SolidWorks Task Scheduler Engine.lnk - d:\solidworks 2009\SolidWorks\swScheduler\swBOEngine.exe [2008-9-9 841000]
    Stardock ObjectDock.lnk - d:\stardock\ObjectDock\ObjectDock.exe [2009-5-3 3581680]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acer Empowering Technology.lnk - d:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2009-6-20 45056]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GroupManager

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Nuance PDF Professional 5-reminder"="d:\nuance\PDF Professional 5\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\Nuance\PDF Professional 5\Ereg\Ereg.ini"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "Adobe Reader Speed Launcher"="d:\adobe\Reader 9.0\Reader\Reader_sl.exe"
    "nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /install

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "d:\\McAfee\\Common Framework\\FrameworkService.exe"=
    "d:\\BitTorrent\\bittorrent.exe"=
    "d:\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "d:\\Medal Of Honor Allied Assault\\MOHAA.exe"=
    "d:\\Counter-Strike Source\\hl2.exe"=
    "d:\\Orbitdownloader\\orbitdm.exe"=
    "d:\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "d:\\iTunes\\iTunes.exe"=
    "d:\\Skype\\Phone\\Skype.exe"=

    R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [6/20/2009 10:50 PM 17664]
    R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [6/20/2009 10:50 PM 90112]
    R2 McAfeeEngineService;McAfee Engine Service;d:\mcafee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/3/2009 12:34 PM 67904]
    R2 PDFProFiltSrv;PDFProFiltSrv;d:\nuance\PDF Professional 5\PDFProFiltSrv.exe [2/2/2008 2:20 AM 144672]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/3/2009 8:17 PM 603904]
    R2 WinDefend;Windows Defender;d:\windows defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\system32\drivers\AsAudioDevice_351.sys [8/23/2009 8:08 AM 16640]
    R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/3/2009 11:35 AM 30880]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/12/2009 12:52 PM 133104]
    S2 LockServ;LockServ;d:\acer\Empowering Technology\eLock\LockServ.exe -p --> d:\acer\Empowering Technology\eLock\LockServ.exe -p [?]
    S3 CEUSBAUD;DigiTech USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [7/8/2009 8:30 PM 17920]
    S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\solidworks 2009\SolidWorks\swScheduler\DTSCoordinatorService.exe [9/9/2008 6:01 AM 79144]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/15/2009 5:35 AM 30192]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/3/2009 12:34 PM 64432]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [10/26/2006 1:45 PM 2799808]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-26 c:\windows\Tasks\1-Click Maintenance.job
    - d:\tuneup utilities 2009\OneClickStarter.exe [2008-12-11 13:36]

    2009-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

    2009-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 04:52]

    2009-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 04:52]

    2009-09-26 c:\windows\Tasks\MP Scheduled Scan.job
    - d:\windows defender\MpCmdRun.exe [2006-11-03 11:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: &Download by Orbit - d:\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - d:\orbitdownloader\orbitmxt.dll/204
    IE: Append the content of the link to existing PDF file - d:\nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Append the content of the selected links to existing PDF file - d:\nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    IE: Append to existing PDF file - d:\nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Create PDF file - d:\nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF file from the content of the link - d:\nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF files from the selected links - d:\nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    IE: Do&wnload selected by Orbit - d:\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - d:\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Open with Nuance PDF Converter 5.0 - d:\nuance\PDF Professional 5\cnvres_eng.dll /100
    FF - ProfilePath - c:\documents and settings\Metal Monkey\Application Data\Mozilla\Firefox\Profiles\b5wr3u3t.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: d:\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: d:\adobe\Reader 9.0\Reader\browser\nppdf32.dll
    FF - plugin: d:\divx\DivX Player\npDivxPlayerPlugin.dll
    FF - plugin: d:\divx\DivX Web Player\npdivx32.dll
    FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
    FF - plugin: d:\java\jre6\bin\new_plugin\npdeploytk.dll
    FF - plugin: d:\java\jre6\bin\new_plugin\npjp2.dll
    FF - plugin: d:\videolan\VLC\npvlc.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-connections-per-server - 6
    FF - user.js: network.http.max-persistent-connections-per-server - 3
    FF - user.js: nglayout.initialpaint.delay - 750
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.max.tokenizing.time - 2250000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-26 15:37
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1544)
    c:\windows\system32\WININET.dll
    d:\stardock\ObjectDock\DockShellHook.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    d:\nokia\Nokia PC Suite 7\PhoneBrowser.dll
    d:\nokia\Nokia PC Suite 7\NGSCM.DLL
    d:\nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
    d:\nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    d:\acer\Empowering Technology\ePerformance\MemCheck.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    d:\java\jre6\bin\jqs.exe
    d:\mcafee\Common Framework\FrameworkService.exe
    d:\mcafee\VirusScan Enterprise\VsTskMgr.exe
    d:\mcafee\Common Framework\naPrdMgr.exe
    c:\windows\system32\searchindexer.exe
    d:\mcafee\VirusScan Enterprise\Mcshield.exe
    d:\mcafee\VirusScan Enterprise\mfeann.exe
    d:\mcafee\Common Framework\McTray.exe
    c:\windows\system32\wbem\unsecapp.exe
    d:\acer\Empowering Technology\eLock\Monitor\LockMon.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\docume~1\METALM~1\LOCALS~1\Temp\SolidWorksLicTemp.0001
    c:\program files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-26 15:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-26 07:41

    Pre-Run: 20,583,792,640 bytes free
    Post-Run: 20,549,394,432 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    336 --- E O F --- 2009-09-21 22:47
     
  13. 2009/09/26
    musikeros Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:43:44 PM, on 9/26/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    D:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Java\jre6\bin\jqs.exe
    D:\McAfee\VirusScan Enterprise\EngineServer.exe
    D:\McAfee\Common Framework\FrameworkService.exe
    D:\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\mfevtps.exe
    D:\Nuance\PDF Professional 5\PDFProFiltSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    D:\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\RTHDCPL.EXE
    D:\McAfee\Common Framework\udaterui.exe
    D:\McAfee\VirusScan Enterprise\SHSTAT.EXE
    D:\McAfee\Common Framework\McTray.exe
    D:\Nuance\PDF Professional 5\pdfpro5hook.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
    D:\Java\jre6\bin\jusched.exe
    D:\Windows Defender\MSASCui.exe
    D:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\iTunes\iTunesHelper.exe
    D:\BitTorrent\bittorrent.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    D:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\iPod\bin\iPodService.exe
    D:\Solidworks 2009\SolidWorks\swScheduler\swBOEngine.exe
    D:\Stardock\ObjectDock\ObjectDock.exe
    C:\DOCUME~1\METALM~1\LOCALS~1\Temp\SolidWorksLicTemp.0001
    C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    D:\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\McAfee\VirusScan Enterprise\scriptsn.dll
    O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "D:\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Unlocker\UnlockerAssistant.exe "
    O4 - HKLM\..\Run: [PDFHook] D:\Nuance\PDF Professional 5\pdfpro5hook.exe
    O4 - HKLM\..\Run: [PDF5 Registry Controller] D:\Nuance\PDF Professional 5\RegistryController.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eLockMonitor] D:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
    O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Windows Defender] "D:\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [BitTorrent] "D:\BitTorrent\bittorrent.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: SolidWorks Task Scheduler Engine.lnk = D:\Solidworks 2009\SolidWorks\swScheduler\swBOEngine.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O8 - Extra context menu item: &Download by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Append the content of the link to existing PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    O8 - Extra context menu item: Append to existing PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Create PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF file from the content of the link - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF files from the selected links - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - res://D:\Nuance\PDF Professional 5\cnvres_eng.dll /100
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - D:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - D:\Solidworks 2009\SolidWorks\swScheduler\DTSCoordinatorService.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Java\jre6\bin\jqs.exe
    O23 - Service: LockServ - Unknown owner - D:\Acer\Empowering Technology\eLock\LockServ.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - D:\McAfee\VirusScan Enterprise\EngineServer.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - D:\Nuance\PDF Professional 5\PDFProFiltSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

    --
    End of file - 12893 bytes
     
  14. 2009/09/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.
    NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

    =================================================================

    Disable Windows Defender, as it'll interfere with the cleaning process:
    - Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.

    =================================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    - O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    - O4 - Global Startup: Acer Empowering Technology.lnk = ?



    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    - O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    - O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    - O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    - O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java\jre6\bin\jusched.exe "
    - O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    - O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    - O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe "
    - O4 - HKCU\..\Run: [BitTorrent] "D:\BitTorrent\bittorrent.exe "
    - O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')



    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
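As an added example (not part of this thread or of HijackThis itself), here is a small Python parser for the O4 and O23 lines of a HijackThis 2.0.2 log. It tags the kinds of entries the moderator singled out above: an unresolved Global Startup target, Run entries registered under the SYSTEM and Default User hives, plus two things an analyst checks by eye, an unqualified executable name that Windows resolves through the search path, and a service whose binary carries no vendor name. The sample lines are constructed here to mirror the log format in this thread, and the review heuristics are mine, not HijackThis's own classification.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in HijackThis 2.0.2 format; the entries mirror the kinds of
# O4/O23 lines seen in the logs in this thread, embedded so the script runs offline.
SAMPLE_LINES = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe "
O4 - HKCU\..\Run: [BitTorrent] "D:\BitTorrent\bittorrent.exe "
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: Stardock ObjectDock.lnk = D:\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O23 - Service: LockServ - Unknown owner - D:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
""".strip().splitlines()

# O4 Run-key entries: hive, value name, command line, optional "(User '...')" suffix.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# O4 Startup-folder shortcuts: "<name>.lnk = <target>" (target is "?" when unresolved).
STARTUP_RE = re.compile(r"^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# O23 services: display name, vendor (or "Unknown owner"), binary path.
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Entry:
    section: str                # "O4" or "O23"
    name: str                   # Run value name, .lnk name, or service display name
    command: str                # command line, shortcut target, or service binary
    context: str                # registry hive, startup-folder scope, or service owner
    user: Optional[str] = None  # only for HKUS entries, e.g. 'SYSTEM'


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O4 or O23 HijackThis line; return None for any other section."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Entry("O4", m["name"], m["cmd"], m["hive"], m["user"])
    m = STARTUP_RE.match(line)
    if m:
        return Entry("O4", m["name"], m["cmd"], m["scope"])
    m = SERVICE_RE.match(line)
    if m:
        return Entry("O23", m["name"], m["path"], m["owner"])
    return None


def executable_of(command: str) -> str:
    """Return the program token of a command line, honouring a leading double-quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end].strip() if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def review_entry(e: Entry) -> List[str]:
    """Heuristic notes (my own, not HijackThis's) an analyst would want per entry."""
    notes: List[str] = []
    if e.section == "O4":
        if e.command == "?":
            notes.append("target could not be resolved")
        if re.match(r'^"[^"]* "', e.command):
            notes.append("trailing space inside quoted path")
        exe = executable_of(e.command)
        # A drive letter or an environment variable anchors the path; anything else
        # is looked up through the search path and can be shadowed.
        if e.command != "?" and not re.match(r"^([A-Za-z]:\\|%[^%]+%\\)", exe):
            notes.append("unqualified executable name, resolved through the search path")
        if e.user is not None:
            notes.append(f"registered in the non-interactive profile of '{e.user}'")
    elif e.section == "O23" and e.context.lower().startswith("unknown"):
        notes.append("service binary carries no vendor name")
    return notes


def review(lines) -> Dict[str, List[str]]:
    """Map entry name -> review notes, for entries that raised at least one note."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        notes = review_entry(e)
        if notes:
            findings[e.name] = notes
    return findings


if __name__ == "__main__":
    for name, notes in review(SAMPLE_LINES).items():
        print(f"{name}: {'; '.join(notes)}")
```

Running the script prints one line per flagged entry; a clean entry such as the Bonjour service or the ObjectDock shortcut produces no output. The notes are prompts for a human look at the file, not a verdict: the CTFMON entry under the SYSTEM hive is harmless, but it is the kind of startup the moderator removes because a user-mode input helper has no reason to run in a service profile.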
     
  15. 2009/09/29
    musikeros

    musikeros Inactive Thread Starter

    Joined:
    2009/09/16
    Messages:
    13
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:24:44 PM, on 9/29/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Java\jre6\bin\jqs.exe
    D:\Acer\Empowering Technology\eLock\LockServ.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    D:\McAfee\VirusScan Enterprise\EngineServer.exe
    D:\McAfee\Common Framework\FrameworkService.exe
    D:\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\mfevtps.exe
    D:\Nuance\PDF Professional 5\PDFProFiltSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    D:\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\RTHDCPL.EXE
    D:\McAfee\Common Framework\udaterui.exe
    D:\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    D:\Nuance\PDF Professional 5\pdfpro5hook.exe
    D:\McAfee\Common Framework\McTray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
    D:\Windows Defender\MSASCui.exe
    D:\iTunes\iTunesHelper.exe
    D:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
    D:\BitTorrent\bittorrent.exe
    D:\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    D:\Solidworks 2009\SolidWorks\swScheduler\swBOEngine.exe
    D:\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\DOCUME~1\METALM~1\LOCALS~1\Temp\SolidWorksLicTemp.0001
    C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    C:\WINDOWS\system32\rundll32.exe
    D:\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\McAfee\VirusScan Enterprise\scriptsn.dll
    O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "D:\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Unlocker\UnlockerAssistant.exe "
    O4 - HKLM\..\Run: [PDFHook] D:\Nuance\PDF Professional 5\pdfpro5hook.exe
    O4 - HKLM\..\Run: [PDF5 Registry Controller] D:\Nuance\PDF Professional 5\RegistryController.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eLockMonitor] D:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
    O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
    O4 - HKLM\..\Run: [Windows Defender] "D:\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [BitTorrent] "D:\BitTorrent\bittorrent.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: SolidWorks Task Scheduler Engine.lnk = D:\Solidworks 2009\SolidWorks\swScheduler\swBOEngine.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\Stardock\ObjectDock\ObjectDock.exe
    O8 - Extra context menu item: &Download by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Append the content of the link to existing PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    O8 - Extra context menu item: Append to existing PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Create PDF file - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF file from the content of the link - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF files from the selected links - res://D:\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - res://D:\Nuance\PDF Professional 5\cnvres_eng.dll /100
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - D:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - D:\Solidworks 2009\SolidWorks\swScheduler\DTSCoordinatorService.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Java\jre6\bin\jqs.exe
    O23 - Service: LockServ - Unknown owner - D:\Acer\Empowering Technology\eLock\LockServ.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - D:\McAfee\VirusScan Enterprise\EngineServer.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - D:\Nuance\PDF Professional 5\PDFProFiltSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

    --
    End of file - 11616 bytes
     
  16. 2009/09/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure Windows Updates are current.

    6. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    10. Please let me know how your computer is doing.
     
  17. 2009/10/10
    musikeros

    musikeros Inactive Thread Starter

    Joined:
    2009/09/16
    Messages:
    13
    Likes Received:
    0
    Thank you very much.
     
  18. 2009/10/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
