Unsolved
This post is more than 5 years old
15 Posts
0
4470
google redirect virus
I need help to get rid of this malware, after trying several removal tools without success. Can anyone help, please?
Whenever I click on a result from a Google search I get taken to other sites, usually sales locations such as E-Bay or Kelkoo. Typing addresses in directly works OK, but the redirects from the search page are getting more and more frequent - initially this only happened sometimes, but now almost all links are hijacked.
There are some common features - one address that appears frequently while the redirect is happening is (address adjusted with xx):
hxxp://www.liwlby.net/?search=m%26s&n=1291372258
A dialog box sometimes pops up during the redirect, saying that it is 'Search Mirror'.
I have tried the following tools so far:
Microsoft Malware Removal Tool
Windows Live Onecare scan
Malwarebytes
Hitman Pro 3.5
TDSS Killer
ATF cleaner
Spybotsd162
SuperAntiSpyware
I have now run a Hijack This scan, and this was the log produced:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:07:27, on 19/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101112085015.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgin.net
O15 - Trusted Zone: http://www.argos.co.uk
O15 - Trusted Zone: http://www.virgin.net
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bin/2,0,0,0/McUpdatePortal.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256666358109
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://69.57.245.114/activex/AxisCamControl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} (VM_1.VM_Control) - http://downloads.virginmedia.com/CST/ver1/xp_mail.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 15508 bytes
kevin27_b3d29f
1.5K Posts
0
January 2nd, 2011 02:00
Hi, GTLondon,
Welcome to Dell Community Malware Removal Forums,
Sorry for the delay in getting to you, I'm K27 and i will be reviewing your log for you.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you too, as this will only make the cleanup process all the more diffecult.
Failure to reply in three (3) days will result in this topic being closed and I will remove it from my notifications, If you require more time then that is fine but please let me know.
Please uninstall HitmanPro, SuperAnti-Spyware and Spybot S&D, they are not needed for what we need to do.
1. DDS.txt
2. Attach.txt
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control here
YOU MUST DISABLE ALL REAL TIME PROTECTION BEFORE RUNNING THE NEXT TOOL,
Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.
Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below)
Next, please perform a rootkit scan:
.
If the ARK tool crashes your machine or causes a Blue Screen error, please post the log results from the first inital quick scan,this can be saved in the same way as the full scan in the above instructions.
Please COPY/PASTE BOTH DDS logs and the ARK log back to this thread, along with the TDSSKiller log that will be located at in your root directory, (usually C:\ folder) in the form of C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
Thanks.
gtlondon
15 Posts
0
January 3rd, 2011 14:00
Hi K27 - thanks for getting back to me, and I am very grateful for your help.
I have uninstalled the three previous spyware programmes as advised (but I have left TDSS killer, ATF Cleaner and Malwarebytes in place - I hope this was OK). I have run the DDS and ARK programmes, and the logs are pasted below as requested (DDS, then Attach, then ARK, then TDSS log from last run).. When I first downloaded DDS it did save successfully, but then immediately triggered a blue screen security shutdown and automatic report to Microsoft. I had to power down the PC to get it to shutdown, but when restarted everything was fine and DDS ran without any problem - I don't know if this is significant or not.
I hope that these results are what you need; thanks again.
GTLondon
DDS (Ver_10-12-12.02) - NTFSx86
Run by Gerry Friell at 18:59:23.53 on 03/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.623 [GMT 0:00]
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Gerry Friell\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.virginmedia.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by MSN & Bing
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101112085015.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: argos.co.uk\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: thetrainline.com\www
Trusted Zone: virgin.net\www
Trusted Zone: virginmedia.com\ebill2
Trusted Zone: windowsupdate.com\download
Trusted Zone: wwte.com\ukeurostarplanet
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://creative.com/su/ocx/15015/CTSUEng.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} - hxxp://amiuptodate.mcafee.com/vsc/bin/2,0,0,0/McUpdatePortal.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256666358109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://69.57.245.114/activex/AxisCamControl.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://creative.com/su/ocx/15021/CTPID.cab
DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 386840]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2006-4-1 4064]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-22 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-9 210216]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-22 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-22 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-22 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-22 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-22 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-22 141792]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-9-13 32512]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-4-23 90112]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-22 55840]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-9 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-9 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-22 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-22 88544]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-4-23 27632]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-1-14 458752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-22 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-22 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-9 40552]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-1-10 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-1-10 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-1-10 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-1-10 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-1-10 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-1-10 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-1-10 117672]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2009-2-4 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2009-2-4 12672]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [2009-2-4 32000]
=============== Created Last 30 ================
2010-12-19 08:06:21 388096 ----a-r- c:\docume~1\gerryf~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-19 08:06:21 -------- d-----w- c:\program files\Trend Micro
2010-12-16 10:03:08 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 09:57:51 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-12 17:00:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-10 23:06:04 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-10 23:04:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-12-10 23:04:47 -------- d-----w- c:\program files\Hitman Pro 3.5
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 11:06:33 87552 --sha-r- c:\windows\system32\ntoskrnl5.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
============= FINISH: 19:02:01.25 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 04/05/2005 18:41:35
System Uptime: 03/01/2011 18:19:18 (1 hours ago)
Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 229 GiB total, 156.861 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 537EP V9x DF PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&08F0
Manufacturer: Intel Corporation
Name: Intel(R) 537EP V9x DF PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&08F0
Service: Modem
==== System Restore Points ===================
RP1: 07/11/2010 11:24:09 - System Checkpoint
RP2: 08/11/2010 17:46:52 - System Checkpoint
RP3: 09/11/2010 18:28:52 - System Checkpoint
RP4: 10/11/2010 12:31:12 - Software Distribution Service 3.0
RP5: 18/11/2010 11:30:35 - System Checkpoint
RP6: 24/11/2010 21:08:29 - System Checkpoint
RP7: 28/11/2010 16:59:30 - System Checkpoint
RP8: 30/11/2010 17:59:36 - System Checkpoint
RP9: 30/11/2010 20:49:03 - Cleaned registry with Windows Live OneCare safety scanner
RP10: 02/12/2010 10:14:05 - System Checkpoint
RP11: 03/12/2010 12:21:50 - Installed Windows Internet Explorer 8.
RP12: 03/12/2010 12:23:01 - Software Distribution Service 3.0
RP13: 03/12/2010 12:29:56 - Software Distribution Service 3.0
RP14: 03/12/2010 22:25:19 - Removed PRODUCT_NAME
RP15: 05/12/2010 15:35:21 - System Checkpoint
RP16: 09/12/2010 20:15:08 - System Checkpoint
RP17: 09/12/2010 20:26:41 - Removed PRODUCT_NAME
RP18: 10/12/2010 21:14:06 - System Checkpoint
RP19: 10/12/2010 22:33:49 - Cleaned registry with Windows Live OneCare safety scanner
RP20: 13/12/2010 09:27:42 - System Checkpoint
RP21: 16/12/2010 12:24:41 - Software Distribution Service 3.0
RP22: 19/12/2010 08:06:20 - Installed HiJackThis
RP23: 20/12/2010 08:22:41 - System Checkpoint
RP24: 21/12/2010 22:49:23 - System Checkpoint
RP25: 23/12/2010 11:14:55 - System Checkpoint
RP26: 24/12/2010 11:54:03 - System Checkpoint
RP27: 27/12/2010 11:15:26 - System Checkpoint
RP28: 31/12/2010 10:52:10 - System Checkpoint
RP29: 03/01/2011 17:43:08 - System Checkpoint
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Adobe Type Manager 4.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ARTEuro
Audio User's Guide
Avanquest update
Bonjour
Broadcom Advanced Control Suite 2
Business Contact Manager for Outlook 2003
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities PhotoStitch 3.1
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Compatibility Pack for the 2007 Office system
Creative Audio Console
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 922
Dell System Restore
DellSupport
Email Updater
G15A922EN
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iPod for Windows 2005-10-12
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Logitech SetPoint
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Shredder
MediaLife
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
NVIDIA Drivers
OVT Scanner X86
PowerDVD 5.3
QuickTime
RangeMax Wireless-N USB Adapter WN111v2
RealArcade
RealPlayer Basic
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony Ericsson Media Manager 1.2
Sony Ericsson PC Suite 6.009.00
Sound Blaster Audigy 2 ZS
SpeedTouch USB Software
Spelling Dictionaries Support For Adobe Reader 9
Uninstall OVT Scanner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wireless Manager
WN111v2
==== Event Viewer Messages From Past Week ========
31/12/2010 09:49:59, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
27/12/2010 10:43:12, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00223F904230 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
03/01/2011 18:59:59, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the rpcapd service.
03/01/2011 18:22:46, error: System Error [1003] - Error code 100000c5, parameter1 00083d60, parameter2 00000002, parameter3 00000000, parameter4 8054b0ba.
==== End Of File ===========================
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-03 22:13:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.08.0
Running: 3jffbpif.exe; Driver: C:\DOCUME~1\GERRYF~1\LOCALS~1\Temp\kgtdypog.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF71ED0E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF71ED0F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF71ED120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF71ED176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF71ED0CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF71ED0A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF71ED0B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF71ED10A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF71ED14C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF71ED136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF71ED1A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF71ED18C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF71ED160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF5CA7F80]
? C:\DOCUME~1\GERRYF~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\services.exe[492] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00700FEF
.text C:\WINDOWS\system32\services.exe[492] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00700FB9
.text C:\WINDOWS\system32\services.exe[492] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00700FD4
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006F0000
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006F0067
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006F0F72
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006F0F83
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006F0F94
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006F0FC0
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006F0F33
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006F0F44
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006F0F0E
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006F00A7
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006F00B8
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006F0FA5
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006F0FDB
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006F0F61
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006F0022
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006F0011
.text C:\WINDOWS\system32\services.exe[492] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006F008C
.text C:\WINDOWS\system32\services.exe[492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D90FE5
.text C:\WINDOWS\system32\services.exe[492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D9006C
.text C:\WINDOWS\system32\services.exe[492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D90036
.text C:\WINDOWS\system32\services.exe[492] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D9001B
.text C:\WINDOWS\system32\services.exe[492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D90FB9
.text C:\WINDOWS\system32\services.exe[492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\services.exe[492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D9005B
.text C:\WINDOWS\system32\services.exe[492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D90FD4
.text C:\WINDOWS\system32\services.exe[492] msvcrt.dll!_wsystem 77C2931E 1 Byte [E9]
.text C:\WINDOWS\system32\services.exe[492] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00720022
.text C:\WINDOWS\system32\services.exe[492] msvcrt.dll!system 77C293C7 5 Bytes JMP 00720011
.text C:\WINDOWS\system32\services.exe[492] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00720FC6
.text C:\WINDOWS\system32\services.exe[492] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00720000
.text C:\WINDOWS\system32\services.exe[492] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00720FA1
.text C:\WINDOWS\system32\services.exe[492] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00720FD7
.text C:\WINDOWS\system32\services.exe[492] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00710000
.text C:\WINDOWS\system32\lsass.exe[540] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E20FE5
.text C:\WINDOWS\system32\lsass.exe[540] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E2000A
.text C:\WINDOWS\system32\lsass.exe[540] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E20FD4
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C10F48
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C1003D
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10F6F
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10F80
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10022
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C10069
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F21
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C10EFC
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C1008B
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C100B0
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10F9B
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C10FCA
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C10058
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10011
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\lsass.exe[540] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C1007A
.text C:\WINDOWS\system32\lsass.exe[540] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FD0FCD
.text C:\WINDOWS\system32\lsass.exe[540] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FD0054
.text C:\WINDOWS\system32\lsass.exe[540] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FD001E
.text C:\WINDOWS\system32\lsass.exe[540] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FD0FDE
.text C:\WINDOWS\system32\lsass.exe[540] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FD0F97
.text C:\WINDOWS\system32\lsass.exe[540] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\lsass.exe[540] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FD0039
.text C:\WINDOWS\system32\lsass.exe[540] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FD0FBC
.text C:\WINDOWS\system32\lsass.exe[540] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E40062
.text C:\WINDOWS\system32\lsass.exe[540] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E40047
.text C:\WINDOWS\system32\lsass.exe[540] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E40018
.text C:\WINDOWS\system32\lsass.exe[540] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\lsass.exe[540] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E40FCD
.text C:\WINDOWS\system32\lsass.exe[540] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E40FDE
.text C:\WINDOWS\system32\lsass.exe[540] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FA0025
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FA0FEF
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90FE5
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90F64
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F90F75
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90F86
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90043
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90FA8
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F9009B
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90080
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F900E2
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F900C7
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F90F38
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F90F97
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F90F49
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F90FB9
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F90FCA
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F900AC
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FD0FC3
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FD0054
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FD0014
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FD0FDE
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FD0F97
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FD0039
.text C:\WINDOWS\system32\svchost.exe[740] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FD0FA8
.text C:\WINDOWS\system32\svchost.exe[740] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FC0F8B
.text C:\WINDOWS\system32\svchost.exe[740] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FC0FA6
.text C:\WINDOWS\system32\svchost.exe[740] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FC000C
.text C:\WINDOWS\system32\svchost.exe[740] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FC0FE3
.text C:\WINDOWS\system32\svchost.exe[740] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FC0FB7
.text C:\WINDOWS\system32\svchost.exe[740] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FC0FD2
.text C:\WINDOWS\system32\svchost.exe[740] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FB0000
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA0FC3
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA0FDE
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B9009F
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90084
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B90073
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90062
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90FDB
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B90F63
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90F74
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B90F37
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B90F48
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B90F12
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90FCA
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90011
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90F85
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B9003D
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B9002C
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B900D0
.text C:\WINDOWS\system32\svchost.exe[792] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD0FCA
.text C:\WINDOWS\system32\svchost.exe[792] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD0051
.text C:\WINDOWS\system32\svchost.exe[792] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[792] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0011
.text C:\WINDOWS\system32\svchost.exe[792] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0F9E
.text C:\WINDOWS\system32\svchost.exe[792] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[792] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BD0036
.text C:\WINDOWS\system32\svchost.exe[792] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD0FAF
.text C:\WINDOWS\system32\svchost.exe[792] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0F6E
.text C:\WINDOWS\system32\svchost.exe[792] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC0F7F
.text C:\WINDOWS\system32\svchost.exe[792] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC0FAB
.text C:\WINDOWS\system32\svchost.exe[792] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC0FE3
.text C:\WINDOWS\system32\svchost.exe[792] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC0F9A
.text C:\WINDOWS\system32\svchost.exe[792] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC0FC6
.text C:\WINDOWS\system32\svchost.exe[792] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB0000
.text C:\WINDOWS\System32\svchost.exe[876] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\System32\svchost.exe[876] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009B0FB9
.text C:\WINDOWS\System32\svchost.exe[876] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009B0FD4
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009A0F88
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009A007D
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009A006C
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009A005B
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009A0FCA
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009A0F5A
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009A0F6B
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009A0F1A
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009A0F2B
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009A00CE
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009A0FB9
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009A0098
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009A0036
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009A0025
.text C:\WINDOWS\System32\svchost.exe[876] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009A00B3
.text C:\WINDOWS\System32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02FE0FD4
.text C:\WINDOWS\System32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02FE008A
.text C:\WINDOWS\System32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02FE001B
.text C:\WINDOWS\System32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02FE0FE5
.text C:\WINDOWS\System32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02FE006F
.text C:\WINDOWS\System32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02FE0000
.text C:\WINDOWS\System32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02FE0FC3
.text C:\WINDOWS\System32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1E, 8B]
.text C:\WINDOWS\System32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02FE0040
.text C:\WINDOWS\System32\svchost.exe[876] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02FD0F95
.text C:\WINDOWS\System32\svchost.exe[876] msvcrt.dll!system 77C293C7 5 Bytes JMP 02FD0020
.text C:\WINDOWS\System32\svchost.exe[876] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02FD0FC1
.text C:\WINDOWS\System32\svchost.exe[876] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02FD0FEF
.text C:\WINDOWS\System32\svchost.exe[876] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02FD0FB0
.text C:\WINDOWS\System32\svchost.exe[876] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02FD0FDE
.text C:\WINDOWS\System32\svchost.exe[876] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02190000
.text C:\WINDOWS\System32\svchost.exe[876] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01B30FEF
.text C:\WINDOWS\System32\svchost.exe[876] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01B30FDE
.text C:\WINDOWS\System32\svchost.exe[876] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01B30014
.text C:\WINDOWS\System32\svchost.exe[876] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 01B30025
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00640036
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0064001B
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00630F70
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00630065
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00630F97
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00630FA8
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00630FC3
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0063009D
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00630F55
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00630F0B
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006300AE
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00630EFA
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00630054
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00630080
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00630FDE
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0063002F
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00630F3A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660FC3
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00660051
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660FDE
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660FEF
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660F9E
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00660036
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660025
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0065001D
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650F9C
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650FC8
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650FB7
.text C:\WINDOWS\system32\svchost.exe[928] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E00FEF
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E00014
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E00FD4
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA009F
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA008E
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA007D
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA006C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0FD4
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA0F68
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0F85
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA0F21
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA0F3C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA0EFC
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA005B
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA001B
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA00B0
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0FE5
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA0036
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA0F4D
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0025
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F0040
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0014
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F0FDE
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009F0F83
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009F0FEF
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009F0F9E
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BF, 88]
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009F0FAF
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0FC3
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0FD4
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0044
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0029
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C90FDB
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C90011
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C80F57
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C80F72
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C80040
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C80F83
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C80FA5
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C80F21
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C80067
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C8009F
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C8008E
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C800BA
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C80F94
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C8000A
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C80F46
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C80FC0
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C8001B
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C80F10
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CC0014
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CC005E
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CC0FC3
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CC0FDE
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CC0043
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CC0FA1
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EC, 88]
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CC0FB2
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CB0F9C
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CB0027
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CB000C
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_open 77C2F566 3 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_open + 4 77C2F56A 1 Byte [89]
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CB0FB7
.text C:\WINDOWS\system32\svchost.exe[1160] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CB0FD2
.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01510000
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01510FE5
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0151001B
.text C:\WINDOWS\system32\svchost.exe[1160] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 01510FCA
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BF0FDE
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE009D
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE008C
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0FA8
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE005B
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0039
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE0F97
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE00DF
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F50
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE0F6B
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE010E
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE004A
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0FDE
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE00B8
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0028
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0FCD
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0F7C
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C30FA8
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C3001B
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C30FB9
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C30FD4
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C30F5E
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C30FE5
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C30F83
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E3, 88] {JECXZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20F9A
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C20FAB
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20FC6
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C2001B
.text C:\WINDOWS\system32\svchost.exe[1344] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C20FE3
.text C:\WINDOWS\system32\svchost.exe[1344] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[1344] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\svchost.exe[1344] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C00FDB
.text C:\WINDOWS\system32\svchost.exe[1344] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00C0002C
.text C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E60022
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E60011
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D0007D
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D00062
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D00051
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D00040
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D00FB9
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D000C6
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D000A9
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D00F3E
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D00F4F
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D00F2D
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D00F9E
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D0008E
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D00FCA
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D00025
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D000D7
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CB0FB2
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CB004A
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CB0FCD
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CB0FDE
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CB0F8D
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CB002F
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CB001E
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CA0042
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CA0FB7
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CA001D
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CA0FC8
.text C:\WINDOWS\system32\svchost.exe[1484] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CA000C
.text C:\WINDOWS\system32\svchost.exe[1484] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C9000A
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[3176] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 019D0FEF
.text C:\WINDOWS\Explorer.EXE[3176] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 019D0FD4
.text C:\WINDOWS\Explorer.EXE[3176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 019D0000
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 019C000A
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 019C0082
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 019C0071
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 019C0054
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 019C0F97
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 019C0FC3
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 019C0F50
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 019C0F61
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 019C0F24
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 019C00BD
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 019C0F13
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 019C0FA8
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 019C0FEF
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 019C0F7C
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 019C0025
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 019C0FD4
.text C:\WINDOWS\Explorer.EXE[3176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 019C0F3F
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 019B0FA8
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 019B0F50
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 019B0FCD
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 019B0FDE
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 019B0F61
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 019B0FEF
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 019B0F7C
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BB, 89]
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 019B0F97
.text C:\WINDOWS\Explorer.EXE[3176] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01510FBE
.text C:\WINDOWS\Explorer.EXE[3176] msvcrt.dll!system 77C293C7 5 Bytes JMP 01510049
.text C:\WINDOWS\Explorer.EXE[3176] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0151002E
.text C:\WINDOWS\Explorer.EXE[3176] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01510000
.text C:\WINDOWS\Explorer.EXE[3176] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01510FCF
.text C:\WINDOWS\Explorer.EXE[3176] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0151001D
.text C:\WINDOWS\Explorer.EXE[3176] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 014F000A
.text C:\WINDOWS\Explorer.EXE[3176] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 014F0FEF
.text C:\WINDOWS\Explorer.EXE[3176] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 014F0FD4
.text C:\WINDOWS\Explorer.EXE[3176] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 014F0025
.text C:\WINDOWS\Explorer.EXE[3176] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01500FEF
.text C:\WINDOWS\System32\svchost.exe[3552] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0009000A
.text C:\WINDOWS\System32\svchost.exe[3552] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090025
.text C:\WINDOWS\System32\svchost.exe[3552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FEF
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F57
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F68
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0F79
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F8A
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F2B
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F3C
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00BA
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00A9
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F06
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0036
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0067
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0025
.text C:\WINDOWS\System32\svchost.exe[3552] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B008E
.text C:\WINDOWS\System32\svchost.exe[3552] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\System32\svchost.exe[3552] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002A0F8D
.text C:\WINDOWS\System32\svchost.exe[3552] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002A0FCA
.text C:\WINDOWS\System32\svchost.exe[3552] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002A0000
.text C:\WINDOWS\System32\svchost.exe[3552] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002A0040
.text C:\WINDOWS\System32\svchost.exe[3552] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002A0FE5
.text C:\WINDOWS\System32\svchost.exe[3552] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 002A0025
.text C:\WINDOWS\System32\svchost.exe[3552] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002A0FA8
.text C:\WINDOWS\System32\svchost.exe[3552] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003F0049
.text C:\WINDOWS\System32\svchost.exe[3552] msvcrt.dll!system 77C293C7 5 Bytes JMP 003F0FBE
.text C:\WINDOWS\System32\svchost.exe[3552] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003F001D
.text C:\WINDOWS\System32\svchost.exe[3552] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003F0FEF
.text C:\WINDOWS\System32\svchost.exe[3552] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003F0038
.text C:\WINDOWS\System32\svchost.exe[3552] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003F000C
.text C:\WINDOWS\System32\svchost.exe[3552] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009C0000
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[776] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[776] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft Disk Quota
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer Zonemapping
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ Internet Explorer User Accelerators
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicy ProcessGroupPolicyForActivities
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicyEx ProcessGroupPolicyForActivitiesEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 960
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx ProcessGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ Internet Explorer Branding
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3014
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ 802.3 Group Policy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DisplayName @dot3gpclnt.dll,-100
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ProcessGroupPolicyEx ProcessLANPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@GenerateGroupPolicy GenerateLANPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DllName dot3gpclnt.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ Microsoft Offline Files
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName %SystemRoot%\System32\cscui.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Software Installation
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ Internet Explorer Machine Accelerators
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicy ProcessGroupPolicyForActivities
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicyEx ProcessGroupPolicyForActivitiesEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@DllName C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logon SABWINLOLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logoff SABWINLOLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Startup SABWINLOStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Shutdown SABWINLOShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@DllName crypt32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Logoff ChainWlxLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@DllName cryptnet.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Logoff CryptnetWlxLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@DLLName cscdll.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logon WinlogonLogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logoff WinlogonLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@ScreenSaver WinlogonScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Startup WinlogonStartupEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Shutdown WinlogonShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@StartShell WinlogonStartShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@DllName %SystemRoot%\System32\dimsntfy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Startup WlDimsStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Shutdown WlDimsShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logon WlDimsLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logoff WlDimsLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@StartShell WlDimsStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Lock WlDimsLock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Unlock WlDimsUnlock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@DLLName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logon SCardStartCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logoff SCardStopCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Lock SCardSuspendCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Unlock SCardResumeCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Enabled 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@DllName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@StartShell SchedStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Logoff SchedEventLogOff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Logoff WLEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@DllName sclgntfy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@DLLName WlNotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Lock SensLockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logon SensLogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logoff SensLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Safe 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@MaxWait 600
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartScreenSaver SensStartScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StopScreenSaver SensStopScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Startup SensStartupEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Shutdown SensShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartShell SensStartShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@PostShell SensPostShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Disconnect SensDisconnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Reconnect SensReconnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Unlock SensUnlockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@DllName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logoff TSEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logon TSEventLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@PostShell TSEventPostShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Shutdown TSEventShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@StartShell TSEventStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Startup TSEventStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@MaxWait 600
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Reconnect TSEventReconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Disconnect TSEventDisconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@DLLName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logon RegisterTicketExpiredNotificationEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logoff UnregisterTicketExpiredNotificationEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@ASPNET 0
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Gerry Friell\Local Settings\Temporary Internet Files\Content.IE5\LRPTXE5X\109[1] 77 bytes
---- EOF - GMER 1.0.15 ----
2010/12/12 15:07:04.0921 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/12 15:07:04.0921 ================================================================================
2010/12/12 15:07:04.0921 SystemInfo:
2010/12/12 15:07:04.0921
2010/12/12 15:07:04.0921 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/12 15:07:04.0921 Product type: Workstation
2010/12/12 15:07:04.0921 ComputerName: STUDY
2010/12/12 15:07:04.0921 UserName: Gerry Friell
2010/12/12 15:07:04.0921 Windows directory: C:\WINDOWS
2010/12/12 15:07:04.0921 System windows directory: C:\WINDOWS
2010/12/12 15:07:04.0921 Processor architecture: Intel x86
2010/12/12 15:07:04.0921 Number of processors: 2
2010/12/12 15:07:04.0921 Page size: 0x1000
2010/12/12 15:07:04.0921 Boot type: Normal boot
2010/12/12 15:07:04.0921 ================================================================================
2010/12/12 15:07:05.0453 Initialize success
2010/12/12 15:07:15.0453 ================================================================================
2010/12/12 15:07:15.0453 Scan started
2010/12/12 15:07:15.0453 Mode: Manual;
2010/12/12 15:07:15.0453 ================================================================================
2010/12/12 15:07:16.0046 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/12 15:07:16.0078 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/12 15:07:16.0140 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/12 15:07:16.0171 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/12 15:07:16.0203 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/12 15:07:16.0250 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
2010/12/12 15:07:16.0312 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/12 15:07:16.0390 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
2010/12/12 15:07:16.0421 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/12 15:07:16.0437 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/12 15:07:16.0453 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/12 15:07:16.0468 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/12 15:07:16.0500 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/12 15:07:16.0546 alcan5wn (0940030d5a5869067ccc03e3b0b8dec7) C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
2010/12/12 15:07:16.0609 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
2010/12/12 15:07:16.0625 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/12 15:07:16.0703 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/12 15:07:16.0718 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/12 15:07:16.0750 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/12 15:07:16.0843 APL531 (1fc8a7e5c3aed31f00940c6ab2fd9b49) C:\WINDOWS\system32\Drivers\ov550i.sys
2010/12/12 15:07:16.0890 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/12 15:07:16.0921 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/12 15:07:16.0937 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/12 15:07:16.0953 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/12 15:07:17.0093 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/12/12 15:07:17.0140 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/12 15:07:17.0171 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/12 15:07:17.0234 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/12 15:07:17.0281 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys
2010/12/12 15:07:17.0359 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/12 15:07:17.0390 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/12/12 15:07:17.0421 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/12 15:07:17.0468 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/12 15:07:17.0484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/12 15:07:17.0546 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/12 15:07:17.0562 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/12 15:07:17.0593 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/12 15:07:17.0609 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/12 15:07:17.0640 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/12 15:07:17.0687 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
2010/12/12 15:07:17.0765 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/12 15:07:17.0812 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
2010/12/12 15:07:17.0843 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/12 15:07:17.0890 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
2010/12/12 15:07:17.0968 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/12/12 15:07:18.0015 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/12/12 15:07:18.0109 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
2010/12/12 15:07:18.0218 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2010/12/12 15:07:18.0296 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
2010/12/12 15:07:18.0359 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
2010/12/12 15:07:18.0421 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
2010/12/12 15:07:18.0453 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
2010/12/12 15:07:18.0515 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
2010/12/12 15:07:18.0609 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
2010/12/12 15:07:18.0703 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
2010/12/12 15:07:18.0734 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/12/12 15:07:18.0859 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
2010/12/12 15:07:18.0906 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/12/12 15:07:18.0968 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/12 15:07:19.0000 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/12 15:07:19.0125 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/12 15:07:19.0203 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/12 15:07:19.0296 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/12 15:07:19.0359 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/12 15:07:19.0421 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/12 15:07:19.0484 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
2010/12/12 15:07:19.0515 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/12 15:07:19.0546 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/12 15:07:19.0578 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/12/12 15:07:19.0625 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/12/12 15:07:19.0828 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/12/12 15:07:19.0890 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/12/12 15:07:19.0921 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/12 15:07:19.0984 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/12/12 15:07:20.0062 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/12 15:07:20.0125 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/12 15:07:20.0140 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/12 15:07:20.0171 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/12 15:07:20.0187 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/12 15:07:20.0203 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/12 15:07:20.0234 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/12 15:07:20.0250 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/12 15:07:20.0296 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/12 15:07:20.0328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/12 15:07:20.0375 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2010/12/12 15:07:20.0437 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
2010/12/12 15:07:20.0484 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
2010/12/12 15:07:20.0546 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/12 15:07:20.0593 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/12 15:07:20.0656 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/12 15:07:20.0687 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/12 15:07:20.0703 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/12 15:07:20.0718 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/12 15:07:20.0796 iaStor (d7731536e183b4397402ca6f9e1d52f7) C:\WINDOWS\system32\drivers\iaStor.sys
2010/12/12 15:07:20.0843 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/12 15:07:20.0859 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/12 15:07:20.0953 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2010/12/12 15:07:21.0078 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2010/12/12 15:07:21.0171 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2010/12/12 15:07:21.0187 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/12 15:07:21.0250 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/12 15:07:21.0312 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/12 15:07:21.0390 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/12 15:07:21.0468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/12 15:07:21.0500 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/12 15:07:21.0546 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/12 15:07:21.0578 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/12 15:07:21.0609 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/12 15:07:21.0656 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
2010/12/12 15:07:21.0687 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/12 15:07:21.0750 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/12 15:07:21.0796 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/12 15:07:21.0828 L8042Kbd (032b0247cabf54094ca7819d14e8036d) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2010/12/12 15:07:21.0859 L8042mou (4befd29994327e606c93cc82b208f771) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2010/12/12 15:07:21.0906 LMouKE (98e6dc123f52780a6b03cf9747cb1fc7) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2010/12/12 15:07:21.0984 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/12/12 15:07:22.0218 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/12/12 15:07:22.0359 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/12/12 15:07:22.0406 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
2010/12/12 15:07:22.0484 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/12/12 15:07:22.0515 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/12/12 15:07:22.0531 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/12/12 15:07:22.0562 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys
2010/12/12 15:07:22.0640 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2010/12/12 15:07:22.0718 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2010/12/12 15:07:22.0859 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2010/12/12 15:07:22.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/12 15:07:22.0984 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/12 15:07:23.0062 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/12/12 15:07:23.0093 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2010/12/12 15:07:23.0140 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/12 15:07:23.0171 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/12 15:07:23.0203 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/12 15:07:23.0218 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/12 15:07:23.0296 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/12 15:07:23.0375 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/12 15:07:23.0421 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/12 15:07:23.0468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/12 15:07:23.0484 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/12 15:07:23.0546 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/12 15:07:23.0609 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/12 15:07:23.0625 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/12 15:07:23.0671 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
2010/12/12 15:07:23.0703 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/12 15:07:23.0734 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/12 15:07:23.0781 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/12 15:07:23.0812 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/12 15:07:23.0828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/12 15:07:23.0843 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/12 15:07:23.0859 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/12 15:07:23.0890 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/12 15:07:23.0906 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/12 15:07:23.0984 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/12 15:07:24.0109 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
2010/12/12 15:07:24.0156 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/12 15:07:24.0203 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/12 15:07:24.0296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/12 15:07:24.0453 nv (aaa6daac20c08fda35498515ad6c69c3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/12 15:07:24.0562 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/12 15:07:24.0578 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/12 15:07:24.0625 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/12/12 15:07:24.0656 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/12/12 15:07:24.0671 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/12/12 15:07:24.0687 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/12 15:07:24.0734 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/12/12 15:07:24.0781 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/12/12 15:07:24.0828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/12 15:07:24.0843 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/12 15:07:24.0890 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/12 15:07:24.0906 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/12 15:07:24.0953 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/12 15:07:24.0984 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/12 15:07:25.0062 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/12 15:07:25.0078 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/12 15:07:25.0140 PfModNT (6dabb70783ef470492adb7b9a6e60bf3) C:\WINDOWS\system32\drivers\PfModNT.sys
2010/12/12 15:07:25.0171 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/12 15:07:25.0187 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/12 15:07:25.0203 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/12 15:07:25.0250 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/12 15:07:25.0265 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/12 15:07:25.0296 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/12 15:07:25.0312 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/12 15:07:25.0328 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/12 15:07:25.0343 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/12 15:07:25.0390 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/12 15:07:25.0437 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/12 15:07:25.0453 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/12 15:07:25.0468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/12 15:07:25.0500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/12 15:07:25.0515 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/12 15:07:25.0562 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/12 15:07:25.0640 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/12 15:07:25.0687 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/12 15:07:25.0765 RimVSerPort (12a2fd77e334b223531f1e2918480d49) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/12/12 15:07:25.0796 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/12/12 15:07:25.0859 s0017bus (6381d7fac6ce956f37aa76031939f8cc) C:\WINDOWS\system32\DRIVERS\s0017bus.sys
2010/12/12 15:07:25.0906 s0017mdfl (3a0b4fc02d9d79a4f7ee9c13e287c5eb) C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys
2010/12/12 15:07:25.0937 s0017mdm (aa689c79d62caf565357520cae065f17) C:\WINDOWS\system32\DRIVERS\s0017mdm.sys
2010/12/12 15:07:25.0968 s0017mgmt (547b1a09017a4c4ce6b535ba810523da) C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys
2010/12/12 15:07:26.0015 s0017nd5 (6db4820821e819cf61546e1f991a298d) C:\WINDOWS\system32\DRIVERS\s0017nd5.sys
2010/12/12 15:07:26.0140 s0017obex (d623bf6f04f7603ee1c4b59c737b69a7) C:\WINDOWS\system32\DRIVERS\s0017obex.sys
2010/12/12 15:07:26.0203 s0017unic (0c970a53fc43815e948628442f8983ad) C:\WINDOWS\system32\DRIVERS\s0017unic.sys
2010/12/12 15:07:26.0359 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/12 15:07:26.0375 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/12 15:07:26.0453 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/12 15:07:26.0515 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
2010/12/12 15:07:26.0593 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2010/12/12 15:07:26.0656 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/12 15:07:26.0687 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/12 15:07:26.0750 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/12 15:07:26.0828 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/12 15:07:26.0875 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/12 15:07:26.0921 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2010/12/12 15:07:27.0000 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/12 15:07:27.0062 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/12 15:07:27.0093 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/12 15:07:27.0171 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/12 15:07:27.0218 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/12/12 15:07:27.0265 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/12/12 15:07:27.0328 ST330 (c9fa6a70c051fc59d22c2e4cd211ad9b) C:\WINDOWS\system32\drivers\st330.sys
2010/12/12 15:07:27.0343 STBUS (0017202eb0224f82706f04ed35ab23c2) C:\WINDOWS\system32\drivers\stbus.sys
2010/12/12 15:07:27.0421 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/12/12 15:07:27.0468 stppp (0a9484e3cdafb529b392b5e9ebbc4aa6) C:\WINDOWS\system32\DRIVERS\stppp.sys
2010/12/12 15:07:27.0531 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/12 15:07:27.0609 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/12 15:07:27.0625 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/12 15:07:27.0703 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/12 15:07:27.0734 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/12 15:07:27.0765 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/12 15:07:27.0796 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/12 15:07:27.0859 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/12 15:07:27.0937 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/12 15:07:28.0000 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/12 15:07:28.0046 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/12 15:07:28.0125 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/12 15:07:28.0234 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/12/12 15:07:28.0250 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/12/12 15:07:28.0265 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/12/12 15:07:28.0328 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2010/12/12 15:07:28.0343 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/12/12 15:07:28.0359 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/12/12 15:07:28.0375 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/12/12 15:07:28.0390 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/12/12 15:07:28.0421 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/12/12 15:07:28.0484 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/12 15:07:28.0531 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/12 15:07:28.0546 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/12 15:07:28.0609 UPATC (a53b21b52cde26b7cd01ca31a83ce10c) C:\WINDOWS\system32\DRIVERS\upatc.sys
2010/12/12 15:07:28.0687 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/12 15:07:28.0750 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/12 15:07:28.0781 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/12 15:07:28.0812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/12 15:07:28.0859 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/12 15:07:28.0937 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/12 15:07:28.0984 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/12 15:07:29.0015 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/12 15:07:29.0046 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/12/12 15:07:29.0078 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/12 15:07:29.0093 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/12 15:07:29.0109 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/12 15:07:29.0140 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/12 15:07:29.0218 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/12 15:07:29.0265 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/12 15:07:29.0421 WN111v2 (966860e5ea3591aa471ec9ced49dc8d2) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
2010/12/12 15:07:29.0500 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/12 15:07:29.0578 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/12 15:07:29.0656 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
2010/12/12 15:07:29.0828 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/12 15:07:29.0906 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/12 15:07:29.0953 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/12 15:07:30.0031 ================================================================================
2010/12/12 15:07:30.0031 Scan finished
2010/12/12 15:07:30.0031 ================================================================================
2010/12/12 15:07:47.0843 Deinitialize success
kevin27_b3d29f
1.5K Posts
0
January 4th, 2011 12:00
Hi,
There is not a lot of anything showing in the logs.
How many computers are connected to the wireless router that you use?
Lets try this.
NOTE: If MBAM encounters a file that is hard to remove it will prompt for a delete on reboot, answer yes to this and once rebooted please run another scan and post that scan's log results along with the log results from before reboot which can be found under the LOGS tab of Malwarebytes.
.
Your Java is outdated
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Trace and Log Files
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below)
Go here to run an online scannner from ESET.
Please post back the answer to the router question, the fresh MBAM log and the ESET report.
Thanks.
gtlondon
15 Posts
0
January 5th, 2011 08:00
Hi; thanks for the rapid reply.
There is only one other computer on the network - a Dell Studio laptop running Windows 7 Home Premium, with the same MacAfee Security Centre protection package. There are no search problems on that machine to date.
I have followed through the Java update successfully - thanks for that.
Attached are the MBAM and ESET logs. Neither indicated that there were any infected files found.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5462
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
05/01/2011 12:54:34
mbam-log-2011-01-05 (12-54-34).txt
Scan type: Full scan (C:\|)
Objects scanned: 256099
Time elapsed: 1 hour(s), 19 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=90c89c6ec8e298479eeb4c948aca1e50
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-05 04:11:09
# local_time=2011-01-05 04:11:09 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1497234 1497234 0 0
# compatibility_mode=5121 16777189 100 75 1741193 23498135 0 0
# compatibility_mode=8192 67108863 100 0 3873 3873 0 0
# scanned=91891
# found=0
# cleaned=0
# scan_time=4273
I have tried searching and connecting from a google results list just to check, and the problem is still as bad on this computer - all results from any google list are highjacked, so I hope that there are some more options that we can try!
kevin27_b3d29f
1.5K Posts
0
January 5th, 2011 12:00
Hi,
I would like to first try and reset the router as I feel that is the most likely cause of the redirects. There is nothing showing in any of the logs to suggest where the redirects are coming from. That is to not to say that there is nothing there, but it is very unusual for the tools we have used to miss these kinds of things.
Download the latest firmware for the router from the manufacturer's site. Go into the router's setup via your browser and copy on paper all the critical settings in the router. Disconnect all systems attached to the router, wired or wireless. Disconnect the router from any gateway (it might be the gateway with some units provided by ISPs). Disconnect the router power supply and let sit for 15 minutes.
Next, on the rear, bottom or side of the router you should see a small button marked Reset. Depress the Reset button with some small pointed object (a bent paperclip will work), and plug the modem back into the power supply. Watch the LEDs on the front of the router and when they stop flashing the router has been reset and you can release the reset button. Connect the router to the gateway and systems. Upload the latest firmware and then reenter the critical settings manually. Do not restore a previously saved settings file.
You should check the router reset steps with the router manual first, but the steps I outlined are usually what it used. If the router was hacked, that should clear out the hack and the redirects should end. Try it, let's see what happens.
If you need more specific instructions for how to reset the router, please post me the make and model and I will get them for you.
Thanks.
kevin27_b3d29f
1.5K Posts
0
January 6th, 2011 10:00
Hi,
Ok, no trouble, lets try this instead.
Does the router have a reset button. If so I would like you to hold the reset button in for 15 seconds and then switch the router off, all the while, still holding the reset button. Wait another 15 seconds and then turn the router back on, still holding the rest button. Wait another 30 seconds and then release the reset button.
This will restore the router to factory settings, and as such, if you have changed your wireless security key, if will be reverted back to the one that you had to use the very first time that you set the router up.
Let me know if the redirects have stopped after this. If not, are the redirects only in IE? I you have no other browser installed, please install Firefox and let me know if that is also redirected.
Thanks.
gtlondon
15 Posts
0
January 6th, 2011 10:00
Hi
I have tried to follow the router instructions, but after wasting most of a day (nothing to do with your instructions - the fault lies with my supplier!) I discovered that I cannot change the settings. My router is a Netgear WGR164v9, Firmware V1.011_1.0.1VGUK, and was supplied by my ISP, VirginMedia. It does not allow any upgrades to be installed - I found lots of complaints on their own Forum and the Netgear one where it became clear that this model is not supported for upgrades by either VirginMedia or Netgear...
It looks as if I will have to buy a new router. If this was the source of my problem, will a new router resolve that - as well as allowing me to maintain the latest formware versions for better security?
gtlondon
15 Posts
0
January 7th, 2011 03:00
Hi. I think we have success, but I don't really understand why!
I tried the router reset, but the redirects were still happening. So, I then downloaded Firefox and it was working fine - no redirects! For curiosity, I then went back into IE and tried several searches - and they are all returning perfect results with no redirects...
I am clearly happy that searches are now working again, but as I don't understand why I am a little nervous that it might happen again - are we really in the clear?
kevin27_b3d29f
1.5K Posts
0
January 7th, 2011 05:00
Hi,
Ok lets check a bit more just to make sure,
Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below)
Please download MBRCheck.exe to your desktop.
Please leave all active protection disabled before running this online scan,
Go here to run an online scannner from ESET.
Please post the MBRCheck log, the ESET Report and a fresh set of DDS logs back to this thread.
Thanks.
gtlondon
15 Posts
0
January 7th, 2011 11:00
Hi - thanks for checking this. The 4 logs are attached - MBRCheck, ESET, DDS and DDS Attach.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d
Kernel Drivers (total 208):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7992000 \WINDOWS\system32\KDCOM.DLL
0xF78A2000 \WINDOWS\system32\BOOTVID.dll
0xF7363000 ACPI.sys
0xF7994000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7352000 pci.sys
0xF7492000 isapnp.sys
0xF7A5A000 pciide.sys
0xF7712000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7996000 aliide.sys
0xF7998000 cmdide.sys
0xF799A000 toside.sys
0xF799C000 viaide.sys
0xF799E000 intelide.sys
0xF74A2000 MountMgr.sys
0xF7333000 ftdisk.sys
0xF771A000 PartMgr.sys
0xF74B2000 VolSnap.sys
0xF78A6000 cpqarray.sys
0xF731B000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF72A6000 iaStor.sys
0xF728E000 atapi.sys
0xF78AA000 aha154x.sys
0xF7722000 sparrow.sys
0xF78AE000 symc810.sys
0xF74C2000 aic78xx.sys
0xF78B2000 dac960nt.sys
0xF74D2000 ql10wnt.sys
0xF78B6000 amsint.sys
0xF772A000 asc.sys
0xF78BA000 asc3550.sys
0xF7732000 mraid35x.sys
0xF773A000 i2omp.sys
0xF78BE000 ini910u.sys
0xF74E2000 ql1240.sys
0xF74F2000 aic78u2.sys
0xF7742000 symc8xx.sys
0xF774A000 sym_hi.sys
0xF7752000 sym_u3.sys
0xF775A000 ABP480N5.SYS
0xF7762000 asc3350p.sys
0xF79A0000 cd20xrnt.sys
0xF7502000 ultra.sys
0xF7275000 adpu160m.sys
0xF776A000 dpti2o.sys
0xF7512000 ql1080.sys
0xF7522000 ql1280.sys
0xF7532000 ql12160.sys
0xF7772000 perc2.sys
0xF79A2000 perc2hib.sys
0xF777A000 hpn.sys
0xF78C2000 cbidf2k.sys
0xF7249000 dac2w2k.sys
0xF7542000 disk.sys
0xF7552000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7229000 fltmgr.sys
0xF7217000 sr.sys
0xF71BA000 mfehidk.sys
0xF71A5000 drvmcdb.sys
0xF7782000 PxHelp20.sys
0xF718E000 KSecDD.sys
0xF717B000 WudfPf.sys
0xF70EE000 Ntfs.sys
0xF70C1000 NDIS.sys
0xF7562000 sisagp.sys
0xF7572000 viaagp.sys
0xF7582000 ohci1394.sys
0xF7592000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF70A7000 Mup.sys
0xF75A2000 agp440.sys
0xF75B2000 alim1541.sys
0xF75C2000 amdagp.sys
0xF75D2000 agpCPQ.sys
0xF75F2000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7702000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5B2A000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF5B16000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF5AE8000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF7872000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5AC4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF787A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5A46000 \SystemRoot\system32\drivers\ctaud2k.sys
0xF5A22000 \SystemRoot\system32\drivers\portcls.sys
0xF6B9B000 \SystemRoot\system32\drivers\drmk.sys
0xF59FF000 \SystemRoot\system32\drivers\ks.sys
0xF59CB000 \SystemRoot\system32\drivers\ctoss2k.sys
0xF59A7000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF595C000 \SystemRoot\system32\drivers\mfefirek.sys
0xF7882000 \SystemRoot\System32\drivers\ctprxy2k.sys
0xF798A000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF591C000 \SystemRoot\system32\drivers\smwdm.sys
0xF5869000 \SystemRoot\system32\drivers\senfilt.sys
0xF5E0F000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6B8B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF798E000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0xF5E07000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6B7B000 \SystemRoot\system32\DRIVERS\L8042mou.Sys
0xF6B6B000 \SystemRoot\system32\DRIVERS\LMouKE.Sys
0xF5DFF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF5855000 \SystemRoot\system32\DRIVERS\parport.sys
0xF6B5B000 \SystemRoot\system32\DRIVERS\serial.sys
0xF6FE3000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF5DF7000 \SystemRoot\system32\drivers\Afc.sys
0xF79F2000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF5DEF000 \SystemRoot\System32\Drivers\MxlW2k.SYS
0xF6B4B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6B3B000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF5DE7000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF6B2B000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF79F4000 \SystemRoot\system32\DRIVERS\serscan.sys
0xF6B1B000 \SystemRoot\system32\DRIVERS\jswscimd.sys
0xF7BDF000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF5841000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF6B0B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6FD7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF582A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6509000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF64F9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF5DDF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5819000 \SystemRoot\system32\DRIVERS\psched.sys
0xF64E9000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF5DD7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF5DCF000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF64D9000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF5DC7000 \SystemRoot\system32\DRIVERS\seehcri.sys
0xF79F6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF57BB000 \SystemRoot\system32\DRIVERS\update.sys
0xF6FCF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF788A000 \SystemRoot\system32\DRIVERS\omci.sys
0xF7087000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7067000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xEFACE000 \SystemRoot\System32\drivers\hap16v2k.sys
0xEF9C4000 \SystemRoot\System32\drivers\ha10kx2k.sys
0xEF995000 \SystemRoot\System32\drivers\emupia2k.sys
0xEF96C000 \SystemRoot\System32\drivers\ctsfm2k.sys
0xEF8D0000 \SystemRoot\System32\drivers\ctac32k.sys
0xEB91E000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xEFB09000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF79C6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xEB19F000 \SystemRoot\System32\Drivers\Null.SYS
0xF79C8000 \SystemRoot\System32\Drivers\Beep.SYS
0xEB90E000 \SystemRoot\system32\drivers\ssrtln.sys
0xEB19E000 \SystemRoot\System32\Drivers\ATMhelpr.SYS
0xEB906000 \SystemRoot\System32\drivers\vga.sys
0xF79CA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79CC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xEB8FE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xEB8F6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xEFAFD000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEF7FD000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEF7A4000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEF77E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEF76B000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xEF743000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEB602000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEE2E3000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xEF721000 \SystemRoot\System32\drivers\afd.sys
0xEB5F2000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEB5E2000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xEF6F6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEF686000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xEB5D2000 \SystemRoot\System32\Drivers\Fips.SYS
0xEF670000 \SystemRoot\system32\DRIVERS\upatc.sys
0xEB3F8000 \SystemRoot\system32\DRIVERS\WN111v2.sys
0xF1528000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEB105000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF62B6000 \SystemRoot\System32\drivers\Dxapi.sys
0xF13A6000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B90000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7037000 \SystemRoot\system32\drivers\drvnddm.sys
0xF1156000 \SystemRoot\system32\dla\tfsndres.sys
0xEB01A000 \SystemRoot\system32\dla\tfsnifs.sys
0xF1F60000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7A16000 \SystemRoot\system32\dla\tfsnpool.sys
0xF139E000 \SystemRoot\system32\dla\tfsnboio.sys
0xF7017000 \SystemRoot\system32\dla\tfsncofs.sys
0xF1155000 \SystemRoot\system32\dla\tfsndrct.sys
0xEB001000 \SystemRoot\system32\dla\tfsnudf.sys
0xEB066000 \SystemRoot\system32\dla\tfsnudfa.sys
0xEB050000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xF7672000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xEDA07000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEB1E3000 \SystemRoot\system32\drivers\wdmaud.sys
0xF2019000 \SystemRoot\system32\drivers\sysaudio.sys
0xEB6C9000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF79B8000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF79BA000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xEB615000 \SystemRoot\system32\DRIVERS\srv.sys
0xF77DA000 \SystemRoot\system32\drivers\npf.sys
0xEB468000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xEB7AF000 \??\C:\WINDOWS\system32\drivers\PfModNT.sys
0xF1578000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xEBC28000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF64C9000 \SystemRoot\system32\drivers\cfwids.sys
0xEBC95000 \SystemRoot\system32\COMMONFX.DLL
0xEC47E000 \SystemRoot\system32\CTSBLFX.DLL
0xEC3F3000 \SystemRoot\system32\CTAUDFX.DLL
0xEC30E000 \SystemRoot\System32\Drivers\HTTP.sys
0xF10E1000 \SystemRoot\System32\Drivers\AFGSp50.sys
0xED809000 \SystemRoot\system32\drivers\kmixer.sys
0xEBC7B000 \SystemRoot\system32\drivers\mfeapfk.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll
Processes (total 59):
0 System Idle Process
4 System
1932 C:\WINDOWS\SYSTEM32\smss.exe
1988 csrss.exe
2012 C:\WINDOWS\SYSTEM32\winlogon.exe
148 C:\WINDOWS\SYSTEM32\services.exe
220 C:\WINDOWS\SYSTEM32\lsass.exe
420 C:\WINDOWS\SYSTEM32\svchost.exe
472 svchost.exe
516 C:\WINDOWS\SYSTEM32\svchost.exe
556 C:\WINDOWS\SYSTEM32\svchost.exe
636 svchost.exe
936 svchost.exe
1364 C:\WINDOWS\SYSTEM32\spoolsv.exe
1372 C:\WINDOWS\SYSTEM32\rundll32.exe
1532 svchost.exe
1572 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1584 C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
1596 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1628 C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
1756 C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
1788 C:\Program Files\Java\jre6\bin\jqs.exe
1824 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1904 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
756 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
852 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
1028 C:\WINDOWS\SYSTEM32\nvsvc32.exe
1056 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
1112 C:\Program Files\WinPcap\rpcapd.exe
1872 C:\WINDOWS\SYSTEM32\snmp.exe
888 C:\WINDOWS\SYSTEM32\svchost.exe
1148 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
1464 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
3008 C:\WINDOWS\explorer.exe
3928 alg.exe
624 C:\WINDOWS\SYSTEM32\svchost.exe
840 C:\Program Files\Analog Devices\Core\smax4pnp.exe
836 C:\Program Files\Real\RealPlayer\realplay.exe
1204 C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
428 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
1304 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
2736 C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
2468 C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
2832 C:\WINDOWS\SYSTEM32\CtHelper.exe
2880 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
3168 C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
3344 C:\Program Files\McAfee.com\Agent\mcagent.exe
3772 C:\Program Files\iTunes\iTunesHelper.exe
3956 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3976 C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
3996 C:\WINDOWS\SYSTEM32\ctfmon.exe
1256 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
1504 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
2176 C:\Program Files\iPod\bin\iPodService.exe
1844 C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
1768 wmiprvse.exe
2404 C:\Program Files\Internet Explorer\iexplore.exe
776 C:\Program Files\Internet Explorer\iexplore.exe
4020 C:\Documents and Settings\Gerry Friell\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500JD-75HBB0, Rev: 08.02D08
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365
Done!
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - delete file error:The process cannot access the file because it is being used by another process.
OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=90c89c6ec8e298479eeb4c948aca1e50
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-07 07:04:57
# local_time=2011-01-07 07:04:57 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1680485 1680485 0 0
# compatibility_mode=5121 16777189 100 75 1924444 23681386 0 0
# compatibility_mode=8192 67108863 100 0 9207 9207 0 0
# scanned=92981
# found=0
# cleaned=0
# scan_time=4251
DDS (Ver_10-12-12.02) - NTFSx86
Run by Gerry Friell at 19:42:42.32 on 07/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.546 [GMT 0:00]
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Documents and Settings\Gerry Friell\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.virginmedia.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by MSN & Bing
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110107191032.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: argos.co.uk\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: thetrainline.com\www
Trusted Zone: virgin.net\www
Trusted Zone: virginmedia.com\ebill2
Trusted Zone: windowsupdate.com\download
Trusted Zone: wwte.com\ukeurostarplanet
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://creative.com/su/ocx/15015/CTSUEng.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} - hxxp://amiuptodate.mcafee.com/vsc/bin/2,0,0,0/McUpdatePortal.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256666358109
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://69.57.245.114/activex/AxisCamControl.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://creative.com/su/ocx/15021/CTPID.cab
DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\gerryf~1\applic~1\mozilla\firefox\profiles\czr9wjeu.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 386840]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2006-4-1 4064]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-22 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-9 210216]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-22 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-22 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-22 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-22 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-22 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-22 141792]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-1-7 32512]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-4-23 90112]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-22 55840]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-9 152960]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-22 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-22 88544]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-4-23 27632]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-1-14 458752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe --> c:\program files\netgear\wn111v2\jswpsapi.exe [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-9 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-22 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-22 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-9 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-9 40552]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-1-10 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-1-10 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-1-10 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-1-10 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-1-10 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-1-10 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-1-10 117672]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2009-2-4 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2009-2-4 12672]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [2009-2-4 32000]
=============== Created Last 30 ================
2011-01-07 19:10:32 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-01-07 16:20:59 -------- d-----w- c:\program files\ESET
2011-01-07 10:43:26 -------- d-----w- c:\docume~1\gerryf~1\applic~1\Affinegy
2011-01-07 10:38:39 81920 ----a-w- c:\windows\system32\packet.dll
2011-01-07 10:38:39 61440 ----a-w- c:\windows\system32\wanpacket.dll
2011-01-07 10:38:39 32512 ----a-w- c:\windows\system32\drivers\npf.sys
2011-01-07 10:38:39 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2011-01-07 10:38:39 233472 ----a-w- c:\windows\system32\wpcap.dll
2011-01-07 10:38:39 -------- d-----w- c:\program files\WinPcap
2011-01-07 10:38:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Affinegy
2011-01-07 10:38:29 -------- d-----w- c:\program files\Virgin Broadband Wireless
2011-01-06 21:47:52 -------- d-----w- c:\program files\Atheros
2011-01-05 14:16:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-03 19:14:38 -------- d-----w- C:\ARK
2010-12-19 08:06:21 388096 ----a-r- c:\docume~1\gerryf~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-19 08:06:21 -------- d-----w- c:\program files\Trend Micro
2010-12-16 10:03:08 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 09:57:51 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-12 17:00:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-12-10 23:06:04 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-10 23:04:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-12-10 23:04:47 -------- d-----w- c:\program files\Hitman Pro 3.5
==================== Find3M ====================
2011-01-05 14:16:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 11:06:33 87552 --sha-r- c:\windows\system32\ntoskrnl5.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
============= FINISH: 19:44:49.84 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 04/05/2005 18:41:35
System Uptime: 07/01/2011 15:44:07 (4 hours ago)
Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 229 GiB total, 156.398 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 537EP V9x DF PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&08F0
Manufacturer: Intel Corporation
Name: Intel(R) 537EP V9x DF PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&08F0
Service: Modem
==== System Restore Points ===================
RP1: 07/11/2010 11:24:09 - System Checkpoint
RP2: 08/11/2010 17:46:52 - System Checkpoint
RP3: 09/11/2010 18:28:52 - System Checkpoint
RP4: 10/11/2010 12:31:12 - Software Distribution Service 3.0
RP5: 18/11/2010 11:30:35 - System Checkpoint
RP6: 24/11/2010 21:08:29 - System Checkpoint
RP7: 28/11/2010 16:59:30 - System Checkpoint
RP8: 30/11/2010 17:59:36 - System Checkpoint
RP9: 30/11/2010 20:49:03 - Cleaned registry with Windows Live OneCare safety scanner
RP10: 02/12/2010 10:14:05 - System Checkpoint
RP11: 03/12/2010 12:21:50 - Installed Windows Internet Explorer 8.
RP12: 03/12/2010 12:23:01 - Software Distribution Service 3.0
RP13: 03/12/2010 12:29:56 - Software Distribution Service 3.0
RP14: 03/12/2010 22:25:19 - Removed PRODUCT_NAME
RP15: 05/12/2010 15:35:21 - System Checkpoint
RP16: 09/12/2010 20:15:08 - System Checkpoint
RP17: 09/12/2010 20:26:41 - Removed PRODUCT_NAME
RP18: 10/12/2010 21:14:06 - System Checkpoint
RP19: 10/12/2010 22:33:49 - Cleaned registry with Windows Live OneCare safety scanner
RP20: 13/12/2010 09:27:42 - System Checkpoint
RP21: 16/12/2010 12:24:41 - Software Distribution Service 3.0
RP22: 19/12/2010 08:06:20 - Installed HiJackThis
RP23: 20/12/2010 08:22:41 - System Checkpoint
RP24: 21/12/2010 22:49:23 - System Checkpoint
RP25: 23/12/2010 11:14:55 - System Checkpoint
RP26: 24/12/2010 11:54:03 - System Checkpoint
RP27: 27/12/2010 11:15:26 - System Checkpoint
RP28: 31/12/2010 10:52:10 - System Checkpoint
RP29: 03/01/2011 17:43:08 - System Checkpoint
RP30: 04/01/2011 18:19:33 - System Checkpoint
RP31: 05/01/2011 14:01:37 - Removed J2SE Runtime Environment 5.0 Update 10
RP32: 05/01/2011 14:02:19 - Removed J2SE Runtime Environment 5.0 Update 11
RP33: 05/01/2011 14:02:56 - Removed J2SE Runtime Environment 5.0 Update 6
RP34: 05/01/2011 14:03:49 - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP35: 05/01/2011 14:04:29 - Removed Java(TM) 6 Update 2
RP36: 05/01/2011 14:05:25 - Removed Java(TM) 6 Update 20
RP37: 05/01/2011 14:06:10 - Removed Java(TM) 6 Update 3
RP38: 05/01/2011 14:06:51 - Removed Java(TM) 6 Update 5
RP39: 05/01/2011 14:07:40 - Removed Java(TM) 6 Update 7
RP40: 05/01/2011 14:08:28 - Removed Java(TM) SE Runtime Environment 6 Update 1
RP41: 05/01/2011 14:15:51 - Installed Java(TM) 6 Update 23
RP42: 06/01/2011 18:34:56 - System Checkpoint
RP43: 06/01/2011 21:43:42 - Configured RangeMax Wireless-N USB Adapter WN111v2
RP44: 06/01/2011 21:47:01 - Installed RangeMax Wireless-N USB Adapter WN111v2
RP45: 06/01/2011 21:54:01 - Installed RangeMax Wireless-N USB Adapter WN111v2
RP46: 06/01/2011 22:21:01 - Installed RangeMax Wireless-N USB Adapter WN111v2
RP47: 06/01/2011 23:02:29 - Installed RangeMax Wireless-N USB Adapter WN111v2
RP48: 07/01/2011 10:26:10 - Removed Bonjour
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Adobe Type Manager 4.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ARTEuro
Audio User's Guide
Avanquest update
Broadcom Advanced Control Suite 2
Business Contact Manager for Outlook 2003
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities PhotoStitch 3.1
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Compatibility Pack for the 2007 Office system
Creative Audio Console
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 922
Dell System Restore
DellSupport
Email Updater
ESET Online Scanner v3
G15A922EN
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
iPod for Windows 2005-10-12
iPod for Windows 2006-03-23
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java Auto Updater
Java(TM) 6 Update 23
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Logitech SetPoint
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Shredder
McAfee SiteAdvisor
MediaLife
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.6.13)
MSN
NVIDIA Drivers
OVT Scanner X86
PowerDVD 5.3
QuickTime
RealArcade
RealPlayer Basic
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony Ericsson Media Manager 1.2
Sony Ericsson PC Suite 6.009.00
Sound Blaster Audigy 2 ZS
SpeedTouch USB Software
Spelling Dictionaries Support For Adobe Reader 9
Uninstall OVT Scanner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wireless Manager
WN111v2
==== Event Viewer Messages From Past Week ========
07/01/2011 19:43:19, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the rpcapd service.
07/01/2011 10:38:46, error: Service Control Manager [7000] - The NetGroup Packet Filter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
06/01/2011 22:36:53, error: System Error [1003] - Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3 00000000, parameter4 00000000.
06/01/2011 22:25:18, error: System Error [1003] - Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3 00000000, parameter4 00000000.
06/01/2011 21:59:56, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 00320035, parameter3 b6376ba4, parameter4 00000000.
06/01/2011 21:40:01, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 00540051, parameter3 eb9a9ba4, parameter4 00000000.
06/01/2011 21:24:27, error: System Error [1003] - Error code 10000050, parameter1 89825799, parameter2 00000001, parameter3 007e0017, parameter4 00000000.
06/01/2011 21:22:54, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001111C48720 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
06/01/2011 20:18:28, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 00540051, parameter3 eb654ba4, parameter4 00000000.
06/01/2011 17:24:16, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00223F904230 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
06/01/2011 14:06:33, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001111C48720 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
06/01/2011 12:56:44, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
06/01/2011 12:42:44, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
05/01/2011 14:08:51, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
==== End Of File ===========================
kevin27_b3d29f
1.5K Posts
0
January 7th, 2011 23:00
Hi,
The logs look good, How is the system running now?
Thanks.
gtlondon
15 Posts
0
January 9th, 2011 07:00
Hi - it seems that I was celebrating prematurely..
The system has been fine for a day or so, but I have just tried searching and was redirected once out of a group of about 10 searches. The I tried again, and each time it became more frequent and now all searches are being redirected again. I switched to Firefox, and the redirect virus tried to change that search result - but it was interrupted by Site Advisor and it seems that I am not the oly one with this problem - see the attached details copied from Firefox/Site Advisor.
67.201.36.16/nolink.html may cause a breach of browser security.
Why were you redirected to this page?
When we tested 67.201.36.16/nolink.html, it attempted to make unauthorized changes to our test computer by exploiting a browser security vulnerability. This is a serious security threat which could lead to an infection of your computer.
What should I try next, please?
kevin27_b3d29f
1.5K Posts
0
January 9th, 2011 09:00
Hi,
We are dealing with a new variant of a rootkit. We need to back up the MBR before we do anything else.
Please Download HDHacker by Dimio and save the HDHacker.zip to your Desktop
WARNING: This strange writing is your MBR and should not be edited in any way. Editing this text may break your Operating System should you use an incorrectly edited backup in the future.
This is a sample picture of a MBR. DO NOT be alarmed if your MBR varies slightly. This is just to give you an idea of what an MBR looks like.
Ithen need you to upload me the MBR file for an analyst, please go to THIS web page, once there please copy/paste the link to this thread in the dialogue box where it says Link to topic where this file was requested:.
Then please click the Browse button and then using the Windows Explorer box that opens, please navigate to this file:
C:\MBR_HardDisk0.dat
Once you have located the file please click it once so it appears in the text box at the bottom of the Windows Explorer box and then click OK. Then please click the Send File button on the web page.
Once the MBR is backed up and has been uploaded, let me know and we will move on to the next set.
Also, please let me know, do you have your Windows installation disk?
Thanks.
gtlondon
15 Posts
0
January 9th, 2011 09:00
Hi.
I have submitted the file as requested.
Unfortunately, I do not have the Windows disk - when supplied by Dell my pack included a note to say that 'Your computer does not require an OS CD'!
After the earlier problem I reported - when the virus tried to hijack Firefox - I stopped working and posted my last comments. Since then I have tried a number of searches and they are all working normally again. Could the fact of blocking that Firefox hijack haver stopped the wider problem, or is that too optimistic?
kevin27_b3d29f
1.5K Posts
0
January 9th, 2011 13:00
Hi,
No, I think the redirects will be back at some point.
Please delete any versions of TDSSKiller you have by right clicking the desktop icon and clicking delete, then please download and run the tool as per the instructions below.
Please read carefully and follow these steps.
Please post the new TDSSKiller log back for review.
Thanks.