
AV Security Suite


  • This topic is locked This topic is locked

#1 Marmaduke (Member, 24 posts)

My wife's PC was infected with this beast and Malwarebytes will not function.
I have read the post: http://www.geekstogo.com/forum/AV-Security-Suite-Malware-Removal-help-t280656.html
and have the following info from OTL:

OTL logfile created on: 7/10/2010 5:59:37 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = D:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 662.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.07 Gb Total Space | 53.85 Gb Free Space | 77.96% Space Free | Partition Type: NTFS
Drive D: | 480.19 Mb Total Space | 469.44 Mb Free Space | 97.76% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAPRCIE
Current User Name: Caprice Light
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\Temp\Ijq.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\kmw_run.exe (Kensington Technology Group)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe ()
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - D:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation)
SRV - (SonicStageMonitoring) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (SYMIDSCO) -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (KMW_USB) -- C:\WINDOWS\system32\drivers\KMW_USB.sys (Kensington Technology Group)
DRV - (KMW_SYS) -- C:\WINDOWS\system32\drivers\KMW_SYS.sys (Kensington Technology Group)
DRV - (KMW_KBD) -- C:\WINDOWS\system32\drivers\KMW_KBD.sys (Kensington Technology Group)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (NETw3x32) Intel® -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/03 08:38:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/03 08:38:55 | 000,000,000 | ---D | M]

[2009/02/01 10:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caprice Light\Application Data\Mozilla\Extensions
[2010/07/07 20:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caprice Light\Application Data\Mozilla\Firefox\Profiles\xgz1l4so.default\extensions
[2009/09/03 21:31:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Caprice Light\Application Data\Mozilla\Firefox\Profiles\xgz1l4so.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/15 09:48:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Caprice Light\Application Data\Mozilla\Firefox\Profiles\xgz1l4so.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/07 20:41:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/15 09:48:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/15 09:48:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/03/15 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [mktmylip] C:\Documents and Settings\NetworkService\Local Settings\Application Data\bhcumemai\jhpfyubtssd.exe ()
O4 - HKLM..\Run: [MSWheel] File not found
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [{C71348A8-5D4E-C632-EFC9-16D7636D5BE7}] C:\Documents and Settings\Caprice Light\Application Data\Tamy\anzu.exe ()
O4 - HKCU..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1162518473468 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.162.221,93.188.166.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.221,93.188.166.201
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Caprice Light\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Caprice Light\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/01 18:15:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:) - File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (5318561081851904)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/10 17:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/07/10 17:41:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Caprice Light\Recent
[2010/07/08 19:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\bhcumemai
[2010/07/07 20:32:16 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/07/07 20:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/03 19:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caprice Light\Desktop\mainstreet_files
[2010/07/03 15:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/01 19:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/29 19:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caprice Light\Desktop\giant-chocolate-sugar-cookies_files
[2010/06/07 20:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/07 20:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/16 13:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caprice Light\Desktop\Alamo Rent A Car - Discount Rental Cars, Vacation Car Rental Deals_files
[2010/05/16 13:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caprice Light\Desktop\viewReservationDetailsSubmit.do_files
[2010/05/15 10:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/08 09:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caprice Light\Desktop\new shoes_files
[2010/04/25 19:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caprice Light\Desktop\customer_service_egift_pickup.jsp_files
[2010/04/12 20:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/10 17:51:41 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\0632e3a5.job
[2010/07/10 17:50:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/10 17:47:31 | 000,050,176 | ---- | M] () -- C:\WINDOWS\System32\ernel32.dll
[2010/07/10 17:47:29 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/07/10 17:46:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 17:46:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/10 17:46:20 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/10 17:46:20 | 000,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/10 17:44:49 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Caprice Light\NTUSER.DAT
[2010/07/10 17:44:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Caprice Light\ntuser.ini
[2010/07/10 17:07:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/10 12:14:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/07 20:26:04 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Application Data\0632e3a5.exe
[2010/07/03 19:27:51 | 000,123,093 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\mainstreet.html
[2010/06/29 19:33:11 | 000,097,285 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\giant-chocolate-sugar-cookies.htm
[2010/05/16 13:33:55 | 000,006,362 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\Alamo Rent A Car - Discount Rental Cars, Vacation Car Rental Deals.htm
[2010/05/16 13:10:07 | 000,190,873 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\viewReservationDetailsSubmit.do.htm
[2010/05/08 09:41:22 | 000,383,422 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\new shoes.htm
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/25 19:40:11 | 000,041,882 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Desktop\customer_service_egift_pickup.jsp.htm
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/07 20:27:15 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/07 20:26:08 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/07/07 20:26:07 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll
[2010/07/07 20:26:05 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Application Data\0632e3a5.exe
[2010/07/07 20:26:05 | 000,000,296 | -H-- | C] () -- C:\WINDOWS\tasks\0632e3a5.job
[2010/07/03 19:27:49 | 000,123,093 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\mainstreet.html
[2010/06/29 19:33:09 | 000,097,285 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\giant-chocolate-sugar-cookies.htm
[2010/05/16 13:33:55 | 000,006,362 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\Alamo Rent A Car - Discount Rental Cars, Vacation Car Rental Deals.htm
[2010/05/16 13:10:04 | 000,190,873 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\viewReservationDetailsSubmit.do.htm
[2010/05/08 09:41:19 | 000,383,422 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\new shoes.htm
[2010/04/25 19:40:09 | 000,041,882 | ---- | C] () -- C:\Documents and Settings\Caprice Light\Desktop\customer_service_egift_pickup.jsp.htm
[2008/09/10 22:05:06 | 000,000,146 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/07/20 19:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/06/30 13:01:30 | 000,000,021 | ---- | C] () -- C:\WINDOWS\pccillin.ini
[2006/09/15 14:58:10 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/09/15 14:51:27 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/09/15 14:51:27 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/09/15 14:51:27 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/09/15 14:51:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/09/15 14:51:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/09/15 14:51:26 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/09/15 14:49:29 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/09/15 14:49:01 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/09/15 14:47:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/15 14:40:54 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/01 20:06:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/01 19:54:50 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/01 19:46:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/09/01 18:58:29 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/01 18:22:45 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/01 17:56:18 | 000,000,764 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/01 21:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2006/09/15 14:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2006/11/02 20:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/07/10 16:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caprice Light\Application Data\Akcop
[2007/07/23 21:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caprice Light\Application Data\InterVideo
[2007/07/21 20:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caprice Light\Application Data\Kensington
[2009/08/09 07:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caprice Light\Application Data\Tamy
[2010/07/10 17:51:41 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\Tasks\0632e3a5.job
[2010/07/10 17:47:29 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/07/10 17:50:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/01 18:15:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/07/21 20:37:40 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2006/09/01 18:15:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/10 17:46:20 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2006/09/01 18:15:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/09/15 14:43:50 | 000,001,219 | -H-- | M] () -- C:\IPH.PH
[2006/09/01 18:15:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/03/15 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/23 20:53:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/10 17:46:18 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/07/10 17:54:38 | 000,000,350 | ---- | M] () -- C:\rkill.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/09/01 11:01:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/09/01 11:01:55 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/09/01 11:01:55 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >


OTL Extras logfile created on: 7/10/2010 5:59:37 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = D:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 662.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.07 Gb Total Space | 53.85 Gb Free Space | 77.96% Space Free | Partition Type: NTFS
Drive D: | 480.19 Mb Total Space | 469.44 Mb Free Space | 97.76% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAPRCIE
Current User Name: Caprice Light
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{37ADBECF-1420-4557-B8CC-BED57053C3FF}" = Click to DVD Tutorial
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C78937F-0C8E-11D9-A3EB-0001025FA304}" = Kensington MouseWorks
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5B82682E-C555-45DA-8E2C-CE6525427AC9}" = Click to DVD 2.5.30
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{908994F4-EBD2-40E0-B8F3-7004FA54E909}" = VAIO Media Tutorial
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A87EBA79-93DB-4A87-B9BA-62F8FB12D993}" = ImageStation
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.7
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D9952D4E-766C-4CD3-BF2E-A2C3D8B15EF3}" = VAIO Backup Utility
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E3D278BD-FC97-4F87-BB1F-689AE0CB9122}" = Macromedia Flash Player 8 Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Search Enhancement" = Search Enhancement by AOL Search
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_104D1700" = Soft Data Fax Modem with SmartCP
"DISCover" = DISCover
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"PCFriendly" = PCFriendly
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"ProInst" = Intel® PROSet/Wireless Software
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2010 11:42:17 AM | Computer Name = CAPRCIE | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....028F20EEE4.crt>
with error: The connection with the server was terminated abnormally

Error - 7/5/2010 11:42:17 AM | Computer Name = CAPRCIE | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....028F20EEE4.crt>
with error: This network connection does not exist.

Error - 7/7/2010 8:32:21 PM | Computer Name = CAPRCIE | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00d12973.

Error - 7/8/2010 7:02:41 PM | Computer Name = CAPRCIE | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00dc2973.

Error - 7/8/2010 7:39:34 PM | Computer Name = CAPRCIE | Source = Application Error | ID = 1000
Description = Faulting application wabe.exe, version 56.92.63.22, faulting module
gdi32.dll, version 5.1.2600.5698, fault address 0x000059be.

Error - 7/10/2010 5:10:05 PM | Computer Name = CAPRCIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 7/10/2010 5:10:06 PM | Computer Name = CAPRCIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 7/10/2010 5:41:56 PM | Computer Name = CAPRCIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 7/10/2010 5:41:58 PM | Computer Name = CAPRCIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 7/10/2010 5:49:02 PM | Computer Name = CAPRCIE | Source = Application Error | ID = 1000
Description = Faulting application ehRec.exe, version 5.1.2710.2732, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

[ System Events ]
Error - 7/10/2010 4:50:19 PM | Computer Name = CAPRCIE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/10/2010 5:46:30 PM | Computer Name = CAPRCIE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/10/2010 5:46:30 PM | Computer Name = CAPRCIE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/10/2010 5:49:02 PM | Computer Name = CAPRCIE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Intel® PROSet/Wireless
Registry Service service to connect.

Error - 7/10/2010 5:49:02 PM | Computer Name = CAPRCIE | Source = Service Control Manager | ID = 7000
Description = The Intel® PROSet/Wireless Registry Service service failed to start
due to the following error: %%1053

Error - 7/10/2010 5:49:02 PM | Computer Name = CAPRCIE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SSDP Discovery Service
service to connect.

Error - 7/10/2010 5:49:02 PM | Computer Name = CAPRCIE | Source = Service Control Manager | ID = 7000
Description = The SSDP Discovery Service service failed to start due to the following
error: %%1053

Error - 7/10/2010 5:49:02 PM | Computer Name = CAPRCIE | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1053

Error - 7/10/2010 5:49:02 PM | Computer Name = CAPRCIE | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1068

Error - 7/10/2010 5:49:02 PM | Computer Name = CAPRCIE | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1053


< End of report >


Here is the GMER report... It stayed in this state for a long time, so I just saved it and posted...


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-10 18:23:12
Windows 5.1.2600 Service Pack 3
Running: l22econj.exe; Driver: C:\DOCUME~1\CAPRIC~1\LOCALS~1\Temp\pxldqpob.sys


---- System - GMER 1.0.15 ----

SSDT F7DB85DE ZwCreateKey
SSDT F7DB85D4 ZwCreateThread
SSDT F7DB85E3 ZwDeleteKey
SSDT F7DB85ED ZwDeleteValueKey
SSDT F7DB85F2 ZwLoadKey
SSDT F7DB85C0 ZwOpenProcess
SSDT F7DB85C5 ZwOpenThread
SSDT F7DB85FC ZwReplaceKey
SSDT F7DB85F7 ZwRestoreKey
SSDT F7DB85E8 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FAC 80504848 4 Bytes CALL 754823D2
.rsrc C:\WINDOWS\system32\DRIVERS\avipbb.sys entry point in ".rsrc" section [0xAA413014]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00150930
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00150AF9
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00150BA0
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00145DA3
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00145D1B
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00158FBD
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00145D5F
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 0014551B
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00145575
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00145477
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 001490CC
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00149170
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 00148D1E
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 00148D73
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 00148E2C
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 00145548
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 001491C7
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 00148D96
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 00145C03
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 00145C76
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00145335
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 001452FE
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 00148FF4
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 001455A5
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!MonitorFromWindow 7E42A679 5 Bytes JMP 00149243
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 00145DE8
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 00149042
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!MonitorFromPoint 7E42ABF5 5 Bytes JMP 0014921E
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 00148DE1
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 001453C3
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 00145422
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 00145CBB
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!MonitorFromRect 7E42C713 5 Bytes JMP 00149238
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 0014911E
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 00145E80
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 00148EC2
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 00148F5E
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 0015912F
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!DefDlgProcA 7E43E577 5 Bytes JMP 00148E77
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 00148F10
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 00148FA9
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 00145381
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0015AD34
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0015AE40
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0015AD7C
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0015AE0F
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0015AB99
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 0015ABF2
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0015AB40
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0015ADC0
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0015AC93
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00144A35
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00144A72
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00144A98
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[448] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 001507E2
.text C:\WINDOWS\explorer.exe[488] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\explorer.exe[488] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C5000A
.text C:\WINDOWS\explorer.exe[488] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[1272] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\System32\svchost.exe[1272] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DF000A
.text C:\WINDOWS\system32\wscntfy.exe[1332] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00DB0930
.text C:\WINDOWS\system32\wscntfy.exe[1332] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DB0AF9
.text C:\WINDOWS\system32\wscntfy.exe[1332] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00DB0BA0
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00DA5DA3
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00DA5D1B
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00DB8FBD
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00DA5D5F
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00DA551B
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00DA5575
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00DA5477
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00DA90CC
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00DA9170
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 00DA8D1E
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 00DA8D73
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 00DA8E2C
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 00DA5548
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 00DA91C7
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 00DA8D96
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 00DA5C03
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 00DA5C76
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00DA5335
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 00DA52FE
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 00DA8FF4
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 00DA55A5
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!MonitorFromWindow 7E42A679 5 Bytes JMP 00DA9243
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 00DA5DE8
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 00DA9042
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!MonitorFromPoint 7E42ABF5 5 Bytes JMP 00DA921E
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 00DA8DE1
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 00DA53C3
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 00DA5422
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 00DA5CBB
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!MonitorFromRect 7E42C713 5 Bytes JMP 00DA9238
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 00DA911E
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 00DA5E80
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 00DA8EC2
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 00DA8F5E
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00DB912F
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!DefDlgProcA 7E43E577 5 Bytes JMP 00DA8E77
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 00DA8F10
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 00DA8FA9
.text C:\WINDOWS\system32\wscntfy.exe[1332] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 00DA5381
.text C:\WINDOWS\system32\wscntfy.exe[1332] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 00DBAD34
.text C:\WINDOWS\system32\wscntfy.exe[1332] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 00DBAE40
.text C:\WINDOWS\system32\wscntfy.exe[1332] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 00DBAD7C
.text C:\WINDOWS\system32\wscntfy.exe[1332] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 00DBAE0F
.text C:\WINDOWS\system32\wscntfy.exe[1332] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 00DBAB99
.text C:\WINDOWS\system32\wscntfy.exe[1332] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 00DBABF2
.text C:\WINDOWS\system32\wscntfy.exe[1332] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00DBAB40
.text C:\WINDOWS\system32\wscntfy.exe[1332] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 00DBADC0
.text C:\WINDOWS\system32\wscntfy.exe[1332] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 00DBAC93
.text C:\WINDOWS\system32\wscntfy.exe[1332] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DA4A35
.text C:\WINDOWS\system32\wscntfy.exe[1332] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DA4A72
.text C:\WINDOWS\system32\wscntfy.exe[1332] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DA4A98
.text C:\WINDOWS\system32\wscntfy.exe[1332] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00DB07E2
.text C:\WINDOWS\system32\spoolsv.exe[2024] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E7000A
.text C:\WINDOWS\system32\wuauclt.exe[2336] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\wuauclt.exe[2336] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\wuauclt.exe[2336] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\system32\hkcmd.exe[3580] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01230930
.text C:\WINDOWS\system32\hkcmd.exe[3580] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01230AF9
.text C:\WINDOWS\system32\hkcmd.exe[3580] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01230BA0
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 01225DA3
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 01225D1B
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01238FBD
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 01225D5F
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 0122551B
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 01225575
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 01225477
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 012290CC
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 01229170
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 01228D1E
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 01228D73
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 01228E2C
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 01225548
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 012291C7
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 01228D96
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 01225C03
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 01225C76
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01225335
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 012252FE
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 01228FF4
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 012255A5
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!MonitorFromWindow 7E42A679 5 Bytes JMP 01229243
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 01225DE8
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 01229042
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!MonitorFromPoint 7E42ABF5 5 Bytes JMP 0122921E
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 01228DE1
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 012253C3
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 01225422
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 01225CBB
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!MonitorFromRect 7E42C713 5 Bytes JMP 01229238
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 0122911E
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 01225E80
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 01228EC2
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 01228F5E
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 0123912F
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!DefDlgProcA 7E43E577 5 Bytes JMP 01228E77
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 01228F10
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 01228FA9
.text C:\WINDOWS\system32\hkcmd.exe[3580] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 01225381
.text C:\WINDOWS\system32\hkcmd.exe[3580] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0123AD34
.text C:\WINDOWS\system32\hkcmd.exe[3580] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0123AE40
.text C:\WINDOWS\system32\hkcmd.exe[3580] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0123AD7C
.text C:\WINDOWS\system32\hkcmd.exe[3580] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0123AE0F
.text C:\WINDOWS\system32\hkcmd.exe[3580] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0123AB99
.text C:\WINDOWS\system32\hkcmd.exe[3580] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 0123ABF2
.text C:\WINDOWS\system32\hkcmd.exe[3580] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0123AB40
.text C:\WINDOWS\system32\hkcmd.exe[3580] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0123ADC0
.text C:\WINDOWS\system32\hkcmd.exe[3580] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0123AC93
.text C:\WINDOWS\system32\hkcmd.exe[3580] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01224A35
.text C:\WINDOWS\system32\hkcmd.exe[3580] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01224A72
.text C:\WINDOWS\system32\hkcmd.exe[3580] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01224A98
.text C:\WINDOWS\system32\hkcmd.exe[3580] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 012307E2
.text C:\WINDOWS\system32\igfxpers.exe[3588] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01330930
.text C:\WINDOWS\system32\igfxpers.exe[3588] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01330AF9
.text C:\WINDOWS\system32\igfxpers.exe[3588] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01330BA0
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 01325DA3
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 01325D1B
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01338FBD
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 01325D5F
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 0132551B
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 01325575
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 01325477
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 013290CC
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 01329170
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 01328D1E
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 01328D73
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 01328E2C
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 01325548
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 013291C7
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 01328D96
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 01325C03
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 01325C76
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01325335
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 013252FE
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 01328FF4
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 013255A5
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!MonitorFromWindow 7E42A679 5 Bytes JMP 01329243
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 01325DE8
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 01329042
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!MonitorFromPoint 7E42ABF5 5 Bytes JMP 0132921E
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 01328DE1
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 013253C3
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 01325422
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 01325CBB
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!MonitorFromRect 7E42C713 5 Bytes JMP 01329238
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 0132911E
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 01325E80
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 01328EC2
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 01328F5E
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 0133912F
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!DefDlgProcA 7E43E577 5 Bytes JMP 01328E77
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 01328F10
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 01328FA9
.text C:\WINDOWS\system32\igfxpers.exe[3588] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 01325381
.text C:\WINDOWS\system32\igfxpers.exe[3588] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0133AD34
.text C:\WINDOWS\system32\igfxpers.exe[3588] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0133AE40
.text C:\WINDOWS\system32\igfxpers.exe[3588] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0133AD7C
.text C:\WINDOWS\system32\igfxpers.exe[3588] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0133AE0F
.text C:\WINDOWS\system32\igfxpers.exe[3588] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0133AB99
.text C:\WINDOWS\system32\igfxpers.exe[3588] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 0133ABF2
.text C:\WINDOWS\system32\igfxpers.exe[3588] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0133AB40
.text C:\WINDOWS\system32\igfxpers.exe[3588] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0133ADC0
.text C:\WINDOWS\system32\igfxpers.exe[3588] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0133AC93
.text C:\WINDOWS\system32\igfxpers.exe[3588] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01324A35
.text C:\WINDOWS\system32\igfxpers.exe[3588] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01324A72
.text C:\WINDOWS\system32\igfxpers.exe[3588] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01324A98
.text C:\WINDOWS\system32\igfxpers.exe[3588] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 013307E2
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 02980930
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 02980AF9
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 02980BA0
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 02975DA3
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 02975D1B
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 02988FBD
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 02975D5F
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 0297551B
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 02975575
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 02975477
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 029790CC
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 02979170
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 02978D1E
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 02978D73
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 02978E2C
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 02975548
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 029791C7
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 02978D96
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 02975C03
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 02975C76
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02975335
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 029752FE
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 02978FF4
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 029755A5
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!MonitorFromWindow 7E42A679 5 Bytes JMP 02979243
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 02975DE8
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 02979042
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!MonitorFromPoint 7E42ABF5 5 Bytes JMP 0297921E
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 02978DE1
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 029753C3
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 02975422
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 02975CBB
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!MonitorFromRect 7E42C713 5 Bytes JMP 02979238
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 0297911E
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 02975E80
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 02978EC2
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 02978F5E
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 0298912F
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!DefDlgProcA 7E43E577 5 Bytes JMP 02978E77
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 02978F10
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 02978FA9
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 02975381
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0298AD34
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0298AE40
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0298AD7C
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0298AE0F
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0298AB99
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 0298ABF2
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0298AB40
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0298ADC0
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0298AC93
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 029807E2
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02974A35
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02974A72
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3616] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02974A98
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01000930
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01000AF9
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01000BA0
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00FF5DA3
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00FF5D1B
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01008FBD
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00FF5D5F
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00FF551B
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00FF5575
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00FF5477
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00FF90CC
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00FF9170
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 00FF8D1E
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 00FF8D73
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 00FF8E2C
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 00FF5548
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 00FF91C7
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 00FF8D96
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 00FF5C03
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 00FF5C76
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00FF5335
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 00FF52FE
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 00FF8FF4
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 00FF55A5
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!MonitorFromWindow 7E42A679 5 Bytes JMP 00FF9243
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 00FF5DE8
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 00FF9042
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!MonitorFromPoint 7E42ABF5 5 Bytes JMP 00FF921E
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 00FF8DE1
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 00FF53C3
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 00FF5422
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 00FF5CBB
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!MonitorFromRect 7E42C713 5 Bytes JMP 00FF9238
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 00FF911E
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 00FF5E80
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 00FF8EC2
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 00FF8F5E
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 0100912F
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!DefDlgProcA 7E43E577 5 Bytes JMP 00FF8E77
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 00FF8F10
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 00FF8FA9
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 00FF5381
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0100AD34
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0100AE40
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0100AD7C
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0100AE0F
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0100AB99
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 0100ABF2
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0100AB40
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0100ADC0
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0100AC93
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 010007E2
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FF4A35
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FF4A72
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3644] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FF4A98
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00D00930
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D00AF9
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00D00BA0
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00CF5DA3
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00CF5D1B
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00D08FBD
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00CF5D5F
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00CF551B
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00CF5575
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00CF5477
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00CF90CC
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00CF9170
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 00CF8D1E
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 00CF8D73
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 00CF8E2C
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 00CF5548
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 00CF91C7
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 00CF8D96
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 00CF5C03
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 00CF5C76
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00CF5335
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 00CF52FE
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 00CF8FF4
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 00CF55A5
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!MonitorFromWindow 7E42A679 5 Bytes JMP 00CF9243
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 00CF5DE8
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 00CF9042
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!MonitorFromPoint 7E42ABF5 5 Bytes JMP 00CF921E
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 00CF8DE1
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 00CF53C3
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 00CF5422
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 00CF5CBB
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!MonitorFromRect 7E42C713 5 Bytes JMP 00CF9238
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 00CF911E
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 00CF5E80
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 00CF8EC2
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 00CF8F5E
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00D0912F
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!DefDlgProcA 7E43E577 3 Bytes JMP 00CF8E77
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!DefDlgProcA + 4 7E43E57B 1 Byte [82]
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 00CF8F10
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 00CF8FA9
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 00CF5381
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 00D0AD34
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 00D0AE40
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 00D0AD7C
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 00D0AE0F
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 00D0AB99
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 00D0ABF2
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00D0AB40
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 00D0ADC0
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 00D0AC93
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CF4A35
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CF4A72
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CF4A98
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3696] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00D007E2
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3716] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 02D50930
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3716] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 02D50AF9
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3716] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 02D50BA0
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3716] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 02D45DA3
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3716] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 02D45D1B
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3716] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 02D58FBD
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3716] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 02D45D5F
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3716] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 02D4551B
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3716] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 02D45575
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3716] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 02D45477
.text C:\WINDOWS\system32\ctfmon.exe[3888] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00D307E2
.text C:\Program Files\Messenger\msmsgs.exe[3908] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 011C0930
.text C:\Program Files\Messenger\msmsgs.exe[3908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 011C0AF9
.text C:\Program Files\Messenger\msmsgs.exe[3908] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 011C0BA0
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 011B5DA3
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 011B5D1B
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 011C8FBD
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 011B5D5F
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 011B551B
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 011B5575
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 011B5477
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 011B90CC
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 011B9170
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 011B8D1E
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 011B8D73
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 011B8E2C
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 011B5548
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 011B91C7
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 011B8D96
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 011B5C03
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 011B5C76
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 011B5335
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 011B52FE
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 011B8FF4
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 011B55A5
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!MonitorFromWindow 7E42A679 5 Bytes JMP 011B9243
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 011B5DE8
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 011B9042
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!MonitorFromPoint 7E42ABF5 5 Bytes JMP 011B921E
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 011B8DE1
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 011B53C3
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 011B5422
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 011B5CBB
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!MonitorFromRect 7E42C713 5 Bytes JMP 011B9238
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 011B911E
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 011B5E80
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 011B8EC2
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 011B8F5E
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 011C912F
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!DefDlgProcA 7E43E577 5 Bytes JMP 011B8E77
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 011B8F10
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 011B8FA9
.text C:\Program Files\Messenger\msmsgs.exe[3908] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 011B5381
.text C:\Program Files\Messenger\msmsgs.exe[3908] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 011B4A35
.text C:\Program Files\Messenger\msmsgs.exe[3908] WS2_32.dll!send 71AB4C27 5 Bytes JMP 011B4A72
.text C:\Program Files\Messenger\msmsgs.exe[3908] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 011B4A98
.text C:\Program Files\Messenger\msmsgs.exe[3908] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 011CAD34
.text C:\Program Files\Messenger\msmsgs.exe[3908] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 011CAE40
.text C:\Program Files\Messenger\msmsgs.exe[3908] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 011CAD7C
.text C:\Program Files\Messenger\msmsgs.exe[3908] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 011CAE0F
.text C:\Program Files\Messenger\msmsgs.exe[3908] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 011CAB99
.text C:\Program Files\Messenger\msmsgs.exe[3908] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 011CABF2
.text C:\Program Files\Messenger\msmsgs.exe[3908] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 011CAB40
.text C:\Program Files\Messenger\msmsgs.exe[3908] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 011CADC0
.text C:\Program Files\Messenger\msmsgs.exe[3908] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 011CAC93
.text C:\Program Files\Messenger\msmsgs.exe[3908] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 011C07E2
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01050930
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01050AF9
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01050BA0
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 01045DA3
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 01045D1B
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01058FBD
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 01045D5F
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 0104551B
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 01045575
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 01045477
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 010490CC
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 01049170
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 01048D1E
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 01048D73
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 01048E2C
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 01045548
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 010491C7
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 01048D96
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 01045C03
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 01045C76
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01045335
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 010452FE
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 01048FF4
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 010455A5
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!MonitorFromWindow 7E42A679 5 Bytes JMP 01049243
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 01045DE8
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 01049042
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!MonitorFromPoint 7E42ABF5 5 Bytes JMP 0104921E
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 01048DE1
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 010453C3
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 01045422
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 01045CBB
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!MonitorFromRect 7E42C713 5 Bytes JMP 01049238
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 0104911E
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 01045E80
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 01048EC2
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 01048F5E
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 0105912F
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!DefDlgProcA 7E43E577 5 Bytes JMP 01048E77
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 01048F10
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 01048FA9
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 01045381
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 0105AD34
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 0105AE40
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 0105AD7C
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 0105AE0F
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 0105AB99
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 0105ABF2
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 0105AB40
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 0105ADC0
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 0105AC93
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01044A35
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01044A72
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01044A98
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[3916] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 010507E2
.text D:\l22econj.exe[4032] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00F60930
.text D:\l22econj.exe[4032] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00F60AF9
.text D:\l22econj.exe[4032] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00F60BA0
.text D:\l22econj.exe[4032] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00F55DA3
.text D:\l22econj.exe[4032] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00F55D1B
.text D:\l22econj.exe[4032] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00F68FBD
.text D:\l22econj.exe[4032] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00F55D5F
.text D:\l22econj.exe[4032] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 00F5551B
.text D:\l22econj.exe[4032] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 00F55575
.text D:\l22econj.exe[4032] USER32.dll!GetCapture 7E4194DA 5 Bytes JMP 00F55477
.text D:\l22econj.exe[4032] USER32.dll!RegisterClassW 7E41A39A 5 Bytes JMP 00F590CC
.text D:\l22econj.exe[4032] USER32.dll!RegisterClassExW 7E41AF7F 5 Bytes JMP 00F59170
.text D:\l22econj.exe[4032] USER32.dll!OpenInputDesktop 7E41ECA3 5 Bytes JMP 00F58D1E
.text D:\l22econj.exe[4032] USER32.dll!SwitchDesktop 7E41FE6E 5 Bytes JMP 00F58D73
.text D:\l22econj.exe[4032] USER32.dll!DefDlgProcW 7E423D3A 5 Bytes JMP 00F58E2C
.text D:\l22econj.exe[4032] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 00F55548
.text D:\l22econj.exe[4032] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 00F591C7
.text D:\l22econj.exe[4032] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 00F58D96
.text D:\l22econj.exe[4032] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 00F55C03
.text D:\l22econj.exe[4032] USER32.dll!EndPaint 7E428FFD 5 Bytes JMP 00F55C76
.text D:\l22econj.exe[4032] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F55335
.text D:\l22econj.exe[4032] USER32.dll!GetMessagePos 7E42996C 5 Bytes JMP 00F552FE
.text D:\l22econj.exe[4032] USER32.dll!CallWindowProcW 7E42A01E 5 Bytes JMP 00F58FF4
.text D:\l22econj.exe[4032] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 00F555A5
.text D:\l22econj.exe[4032] USER32.dll!MonitorFromWindow 7E42A679 5 Bytes JMP 00F59243
.text D:\l22econj.exe[4032] USER32.dll!GetUpdateRect 7E42A8C9 5 Bytes JMP 00F55DE8
.text D:\l22econj.exe[4032] USER32.dll!CallWindowProcA 7E42A97D 5 Bytes JMP 00F59042
.text D:\l22econj.exe[4032] USER32.dll!MonitorFromPoint 7E42ABF5 5 Bytes JMP 00F5921E
.text D:\l22econj.exe[4032] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 00F58DE1
.text D:\l22econj.exe[4032] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 00F553C3
.text D:\l22econj.exe[4032] USER32.dll!ReleaseCapture 7E42C37A 5 Bytes JMP 00F55422
.text D:\l22econj.exe[4032] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 00F55CBB
.text D:\l22econj.exe[4032] USER32.dll!MonitorFromRect 7E42C713 5 Bytes JMP 00F59238
.text D:\l22econj.exe[4032] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 00F5911E
.text D:\l22econj.exe[4032] USER32.dll!GetUpdateRgn 7E42F5EC 5 Bytes JMP 00F55E80
.text D:\l22econj.exe[4032] USER32.dll!DefFrameProcW 7E430833 5 Bytes JMP 00F58EC2
.text D:\l22econj.exe[4032] USER32.dll!DefMDIChildProcW 7E430A47 5 Bytes JMP 00F58F5E
.text D:\l22econj.exe[4032] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00F6912F
.text D:\l22econj.exe[4032] USER32.dll!DefDlgProcA 7E43E577 5 Bytes JMP 00F58E77
.text D:\l22econj.exe[4032] USER32.dll!DefFrameProcA 7E44F965 5 Bytes JMP 00F58F10
.text D:\l22econj.exe[4032] USER32.dll!DefMDIChildProcA 7E44F9B4 5 Bytes JMP 00F58FA9
.text D:\l22econj.exe[4032] USER32.dll!SetCursorPos 7E4561B3 5 Bytes JMP 00F55381
.text D:\l22econj.exe[4032] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 00F6AD34
.text D:\l22econj.exe[4032] WININET.dll!HttpQueryInfoA 3D947425 5 Bytes JMP 00F6AE40
.text D:\l22econj.exe[4032] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 00F6AD7C
.text D:\l22econj.exe[4032] WININET.dll!InternetQueryDataAvailable 3D951615 5 Bytes JMP 00F6AE0F
.text D:\l22econj.exe[4032] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 00F6AB99
.text D:\l22econj.exe[4032] WININET.dll!HttpSendRequestExW 3D958C49 5 Bytes JMP 00F6ABF2
.text D:\l22econj.exe[4032] WININET.dll!HttpSendRequestW 3D95FDF9 5 Bytes JMP 00F6AB40
.text D:\l22econj.exe[4032] WININET.dll!InternetReadFileExA 3D963384 5 Bytes JMP 00F6ADC0
.text D:\l22econj.exe[4032] WININET.dll!HttpSendRequestExA 3D9AA92E 5 Bytes JMP 00F6AC93
.text D:\l22econj.exe[4032] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F54A35
.text D:\l22econj.exe[4032] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F54A72
.text D:\l22econj.exe[4032] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F54A98
.text D:\l22econj.exe[4032] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00F607E2

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)





Any help would be greatly appreciated!

Thanks,
Marm
  • 0
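The GMER section above lists one inline JMP hook per process and export, and the same table of hooked USER32, WININET, WS2_32 and CRYPT32 exports repeats for every process, including the renamed GMER binary on D:. The script below, added here as an example and not part of the original post or of GMER, groups such lines by process and raises two findings a responder looks for in that output: an identical hook table carried by several unrelated processes, and hooks covering network send, HTTP request, certificate-store import and input APIs in one process. The layout of a hook line is taken from the log above; the sample lines, process names and PIDs in SAMPLE_LOG are constructed, and the API watchlist is an assumption chosen for illustration.

```python
"""Triage GMER user-mode inline-hook lines (the ".text ... JMP" entries)
by grouping them per process and flagging suspicious patterns.

Added example; SAMPLE_LOG is constructed in the layout GMER uses in the
thread above, with made-up process names and PIDs.
"""
import re
from collections import defaultdict

# One GMER hook line: .text <process>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target>
# Partial byte patches ("... + 4 7E428D24 1 Byte [82]") carry no JMP and are skipped.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<export>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})\s*$"
)

# Watchlist (an assumption for this example): exports whose hooking lets an
# injected module see outgoing traffic, imported certificates and keystrokes.
SENSITIVE_APIS = {
    "network": {"send", "WSASend", "closesocket"},
    "http": {"HttpSendRequestA", "HttpSendRequestW", "HttpSendRequestExA",
             "HttpSendRequestExW", "InternetReadFile", "InternetReadFileExA",
             "HttpQueryInfoA", "InternetQueryDataAvailable"},
    "crypto": {"PFXImportCertStore"},
    "input": {"TranslateMessage", "GetClipboardData", "GetMessageA", "GetMessageW"},
    "loader": {"LdrLoadDll", "NtCreateThread"},
}

# Constructed sample: two processes carrying the same hook table, one partial
# byte patch, one process with a single hook, and a section header to ignore.
SAMPLE_LOG = r"""
.text C:\Example\app1.exe[1000] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D20AF9
.text C:\Example\app1.exe[1000] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00D28FBD
.text C:\Example\app1.exe[1000] USER32.dll!DefWindowProcW 7E428D20 3 Bytes JMP 00D28D96
.text C:\Example\app1.exe[1000] USER32.dll!DefWindowProcW + 4 7E428D24 1 Byte [82]
.text C:\Example\app1.exe[1000] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00D3912F
.text C:\Example\app1.exe[1000] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 00D3AB99
.text C:\Example\app1.exe[1000] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D24A72
.text C:\Example\app1.exe[1000] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00D307E2
.text C:\Example\app2.exe[2000] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 011C0AF9
.text C:\Example\app2.exe[2000] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 011C8FBD
.text C:\Example\app2.exe[2000] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 011B8D96
.text C:\Example\app2.exe[2000] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 011C912F
.text C:\Example\app2.exe[2000] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 011CAB99
.text C:\Example\app2.exe[2000] WS2_32.dll!send 71AB4C27 5 Bytes JMP 011B4A72
.text C:\Example\app2.exe[2000] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 011C07E2
.text C:\Example\clean.exe[3000] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00410AF9

---- Devices - GMER 1.0.15 ----
"""


def parse_hooks(log_text):
    """Return {'<process>[<pid>]': {(module, export): jmp_target}} for every JMP hook line."""
    hooks = defaultdict(dict)
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # partial patches, headers and blank lines
        key = f"{m['proc']}[{m['pid']}]"
        hooks[key][(m['module'].lower(), m['export'])] = m['target'].upper()
    return dict(hooks)


def categorise(exports):
    """Sorted watchlist categories that the given set of export names touches."""
    return sorted(cat for cat, names in SENSITIVE_APIS.items() if exports & names)


def triage(log_text):
    """Per-process hook summary plus the two findings described in the lead-in."""
    hooks = parse_hooks(log_text)
    per_proc = {}
    groups = defaultdict(list)  # identical hook table -> processes carrying it
    for proc, table in hooks.items():
        exports = {exp for _, exp in table}
        per_proc[proc] = {"hook_count": len(table), "categories": categorise(exports)}
        groups[frozenset(table)].append(proc)

    # Largest group of processes sharing one hook table (ties broken by table size).
    table, procs = max(groups.items(), key=lambda kv: (len(kv[1]), len(kv[0])),
                       default=(frozenset(), []))
    verdict = []
    if len(procs) >= 2 and len(table) >= 5:
        verdict.append(f"identical {len(table)}-entry hook table in {len(procs)} processes: "
                       "one injected module hooking system-wide")
    if any({"network", "http", "crypto"} <= set(p["categories"]) for p in per_proc.values()):
        verdict.append("network + HTTP + certificate-store hooks in one process: "
                       "traffic and credential interception profile")
    return {"processes": per_proc,
            "shared_table": {"hook_count": len(table), "processes": sorted(procs)},
            "verdict": verdict}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for proc, info in result["processes"].items():
        print(f"{proc}: {info['hook_count']} hooks, categories={info['categories']}")
    for finding in result["verdict"]:
        print("FINDING:", finding)
```

Feed it the GMER section of a log (everything between the process hook lines and the "---- Devices" header) and compare the per-process hook counts: a benign hooking product such as an antivirus or accessibility tool also hooks system-wide, so the finding is a prompt to identify the module behind the JMP targets, not a verdict on its own.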

#2
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hello Marmaduke and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • If in doubt about anything, please ask.
I'm looking through your logs and will reply shortly.
  • 0

#3
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [mktmylip] C:\Documents and Settings\NetworkService\Local Settings\Application Data\bhcumemai\jhpfyubtssd.exe ()
    O4 - HKCU..\Run: [{C71348A8-5D4E-C632-EFC9-16D7636D5BE7}] C:\Documents and Settings\Caprice Light\Application Data\Tamy\anzu.exe ()
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.162.221,93.188.166.201
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.221,93.188.166.201
    [2010/07/08 19:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\bhcumemai
    [2010/07/10 17:51:41 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\0632e3a5.job
    [2010/07/10 17:50:12 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2010/07/10 17:47:31 | 000,050,176 | ---- | M] () -- C:\WINDOWS\System32\ernel32.dll
    [2010/07/10 17:47:29 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/07/07 20:26:04 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Caprice Light\Application Data\0632e3a5.exe
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.
-- Step 2 --

Download TDSSKiller and save it to your Desktop.

  • Extract the file and run it.
  • Once completed it will create a log in the root directory (usually C:\).
  • Please post the contents of that log in your next reply.
-- Step 3 --

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#4
Marmaduke

    Member

  • Topic Starter
  • Member
  • 24 posts
Good Morning! Thank you so much for your help!

Here is my OTL Log...

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mktmylip deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\bhcumemai\jhpfyubtssd.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{C71348A8-5D4E-C632-EFC9-16D7636D5BE7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C71348A8-5D4E-C632-EFC9-16D7636D5BE7}\ not found.
C:\Documents and Settings\Caprice Light\Application Data\Tamy\anzu.exe moved successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\bhcumemai folder moved successfully.
C:\WINDOWS\tasks\0632e3a5.job moved successfully.
C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
C:\WINDOWS\system32\ernel32.dll moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Documents and Settings\Caprice Light\Application Data\0632e3a5.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Caprice Light
->Temp folder emptied: 18211780 bytes
->Temporary Internet Files folder emptied: 95184 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36472209 bytes
->Flash cache emptied: 1529742 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: LocalService
->Temp folder emptied: 480 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Java cache emptied: 11647 bytes
->Flash cache emptied: 34487 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2179601 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 151772 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23942926 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 359111 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 79.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Caprice Light
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07112010_065707

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_334.dat not found!

Registry entries deleted on Reboot...


TDSS Log...

07:04:16:171 1920 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
07:04:16:171 1920 ================================================================================
07:04:16:171 1920 SystemInfo:

07:04:16:171 1920 OS Version: 5.1.2600 ServicePack: 3.0
07:04:16:171 1920 Product type: Workstation
07:04:16:171 1920 ComputerName: CAPRCIE
07:04:16:171 1920 UserName: Caprice Light
07:04:16:171 1920 Windows directory: C:\WINDOWS
07:04:16:171 1920 System windows directory: C:\WINDOWS
07:04:16:171 1920 Processor architecture: Intel x86
07:04:16:171 1920 Number of processors: 2
07:04:16:171 1920 Page size: 0x1000
07:04:16:171 1920 Boot type: Normal boot
07:04:16:171 1920 ================================================================================
07:04:16:546 1920 Initialize success
07:04:16:546 1920
07:04:16:546 1920 Scanning Services ...
07:04:17:093 1920 Raw services enum returned 355 services
07:04:17:109 1920
07:04:17:109 1920 Scanning Drivers ...
07:04:17:968 1920 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:04:18:015 1920 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
07:04:18:046 1920 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:04:18:125 1920 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
07:04:18:171 1920 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
07:04:18:296 1920 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
07:04:18:328 1920 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
07:04:18:390 1920 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:04:18:421 1920 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:04:18:453 1920 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:04:18:562 1920 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:04:18:656 1920 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
07:04:18:687 1920 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
07:04:18:703 1920 avipbb (310ef97fecfe59a300f25a31784640ee) C:\WINDOWS\system32\DRIVERS\avipbb.sys
07:04:18:718 1920 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\avipbb.sys. Real md5: 310ef97fecfe59a300f25a31784640ee, Fake md5: 1289e9a5d9118a25a13c0009519088e3
07:04:18:718 1920 File "C:\WINDOWS\system32\DRIVERS\avipbb.sys" infected by TDSS rootkit ... 07:04:18:937 1920 Backup copy found, using it..
07:04:18:984 1920 !ttfc8 5
07:04:18:984 1920 !ttfc10 5
07:04:18:984 1920 cure failed
07:04:19:046 1920 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:04:19:078 1920 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
07:04:19:093 1920 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
07:04:19:125 1920 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:04:19:156 1920 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:04:19:171 1920 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:04:19:218 1920 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:04:19:296 1920 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
07:04:19:328 1920 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:04:19:375 1920 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:04:19:437 1920 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:04:19:500 1920 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
07:04:19:546 1920 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:04:19:578 1920 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:04:19:625 1920 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
07:04:19:687 1920 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
07:04:19:765 1920 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:04:19:812 1920 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
07:04:19:828 1920 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:04:19:859 1920 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:04:19:921 1920 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:04:19:953 1920 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:04:20:015 1920 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:04:20:093 1920 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:04:20:140 1920 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:04:20:265 1920 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:04:20:312 1920 HSFHWAZL (be0a81f4337367ce94bb20e65b3d57c8) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
07:04:20:390 1920 HSF_DPV (b46aa158f25ccbf03b12971b4c7f4723) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
07:04:20:484 1920 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:04:20:546 1920 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:04:20:625 1920 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
07:04:20:750 1920 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:04:20:984 1920 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:04:21:140 1920 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:04:21:187 1920 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:04:21:218 1920 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:04:21:250 1920 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:04:21:296 1920 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:04:21:312 1920 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:04:21:343 1920 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:04:21:390 1920 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:04:21:421 1920 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:04:21:453 1920 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
07:04:21:484 1920 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:04:21:531 1920 KMW_KBD (56c128e5a723f41fc254cdc01e31cf8e) C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys
07:04:21:546 1920 KMW_SYS (56ab6419f4a49b91964c5c6ded4b0fbe) C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys
07:04:21:593 1920 KMW_USB (ef593601f3a79bf852fdade89df41223) C:\WINDOWS\system32\DRIVERS\KMW_USB.sys
07:04:21:625 1920 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:04:21:671 1920 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
07:04:21:781 1920 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
07:04:21:812 1920 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:04:21:843 1920 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:04:21:859 1920 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:04:21:890 1920 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:04:21:921 1920 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:04:21:968 1920 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:04:22:062 1920 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:04:22:078 1920 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:04:22:125 1920 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:04:22:156 1920 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:04:22:187 1920 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:04:22:218 1920 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:04:22:296 1920 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
07:04:22:328 1920 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:04:22:390 1920 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:04:22:406 1920 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:04:22:437 1920 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:04:22:453 1920 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
07:04:22:484 1920 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:04:22:500 1920 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:04:22:640 1920 NETw3x32 (f886500c285af271fdd33bf8ba7b32ef) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
07:04:22:703 1920 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
07:04:22:796 1920 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:04:22:843 1920 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:04:22:921 1920 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:04:22:984 1920 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:04:23:031 1920 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:04:23:046 1920 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
07:04:23:078 1920 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
07:04:23:109 1920 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:04:23:140 1920 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:04:23:171 1920 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
07:04:23:203 1920 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:04:23:218 1920 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
07:04:23:328 1920 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:04:23:437 1920 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:04:23:468 1920 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:04:23:515 1920 PxHelp20 (1ffd5f718638fbea6c1eaad3349d479e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:04:23:625 1920 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:04:23:640 1920 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:04:23:656 1920 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:04:23:671 1920 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:04:23:718 1920 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:04:23:781 1920 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:04:23:812 1920 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:04:23:859 1920 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
07:04:23:906 1920 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:04:23:953 1920 s24trans (d4661148e44816b6501be8f4466d65b0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
07:04:23:984 1920 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:04:24:015 1920 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
07:04:24:093 1920 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
07:04:24:203 1920 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
07:04:24:234 1920 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:04:24:265 1920 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:04:24:328 1920 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
07:04:24:390 1920 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
07:04:24:406 1920 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:04:24:453 1920 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
07:04:24:609 1920 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
07:04:24:656 1920 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
07:04:24:734 1920 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:04:24:828 1920 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:04:24:859 1920 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:04:24:890 1920 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:04:24:968 1920 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
07:04:25:031 1920 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:04:25:125 1920 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:04:25:171 1920 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:04:25:218 1920 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:04:25:265 1920 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:04:25:281 1920 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:04:25:312 1920 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:04:25:359 1920 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:04:25:375 1920 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:04:25:421 1920 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:04:25:562 1920 winachsf (317dc24899ad7a06e3430bf45f292989) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
07:04:25:656 1920 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:04:25:703 1920 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:04:25:765 1920 yukonwxp (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
07:04:25:781 1920
07:04:25:781 1920 Completed
07:04:25:781 1920
07:04:25:781 1920 Results:
07:04:25:781 1920 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
07:04:25:781 1920 File objects infected / cured / cured on reboot: 1 / 0 / 0
07:04:25:781 1920
07:04:25:781 1920 KLMD(ARK) unloaded successfully


ComboFix...

ComboFix 10-07-10.02 - Caprice Light 07/11/2010 7:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.618 [GMT -4:00]
Running from: c:\documents and settings\Caprice Light\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Caprice Light\Application Data\Tamy\anzu.exe
c:\program files\Common
c:\windows\setup.exe
c:\windows\spd13sgl.dll
c:\windows\system32\spool\prtprocs\w32x86\A17931y9.dll
c:\windows\system32\spool\prtprocs\w32x86\A9k1793.dll
c:\windows\system32\spool\prtprocs\w32x86\IQGMY9c.dll
c:\windows\system32\spool\prtprocs\w32x86\Q1w931g9.dll
c:\windows\system32\spool\prtprocs\w32x86\SK1yWSK7y.dll
c:\windows\system32\spool\prtprocs\w32x86\UOCE5.dll
c:\windows\system32\spool\prtprocs\w32x86\Y31oC3s79.dll
c:\windows\system32\spool\prtprocs\w32x86\Y931mY3.dll
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-10 21:43 . 2010-07-10 21:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-08 00:32 . 2010-07-08 00:32 -------- d-----w- C:\spoolerlogs
2010-07-08 00:26 . 2010-07-08 00:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-03 19:48 . 2010-07-08 00:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 11:04 . 2010-07-11 11:04 124784 ----a-w- c:\windows\system32\drivers\tsk1.tmp
2010-07-11 10:57 . 2009-08-09 11:13 -------- d-----w- c:\documents and settings\Caprice Light\Application Data\Tamy
2010-07-10 21:52 . 2010-04-09 12:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-10 20:43 . 2008-01-01 00:52 -------- d-----w- c:\documents and settings\Caprice Light\Application Data\Akcop
2010-05-29 11:36 . 2010-05-29 11:36 503808 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cda983a-n\msvcp71.dll
2010-05-29 11:36 . 2010-05-29 11:36 12800 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5635def9-n\decora-d3d.dll
2010-05-29 11:36 . 2010-05-29 11:36 499712 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cda983a-n\jmc.dll
2010-05-29 11:36 . 2010-05-29 11:36 61440 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5635def9-n\decora-sse.dll
2010-05-29 11:36 . 2010-05-29 11:36 348160 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cda983a-n\msvcr71.dll
2010-05-15 14:54 . 2006-09-01 23:33 -------- d-----w- c:\program files\Common Files\Java
2010-05-15 13:48 . 2010-05-15 13:48 503808 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67d20221-n\msvcp71.dll
2010-05-15 13:48 . 2010-05-15 13:48 499712 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67d20221-n\jmc.dll
2010-05-15 13:48 . 2010-05-15 13:48 348160 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67d20221-n\msvcr71.dll
2010-05-15 13:48 . 2010-05-15 13:48 61440 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59c03054-n\decora-sse.dll
2010-05-15 13:48 . 2010-05-15 13:48 12800 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59c03054-n\decora-d3d.dll
2010-05-15 13:48 . 2010-05-15 13:48 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-15 13:47 . 2006-09-01 23:33 -------- d-----w- c:\program files\Java
2010-04-29 19:39 . 2010-04-09 12:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-04-09 12:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2006-03-15 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 106496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-01-01 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
xeokr.exe [2010-7-8 171034]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\h:\0autocheck autochk /r \??\G:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-08-25 21:21 53248 ----a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2006-06-02 00:55 1077248 ----a-w- c:\program files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-17 01:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-12 08:10 49263 ----a-w- c:\program files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2005-06-13 22:42 258048 ----a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/27/2010 8:52 AM 135336]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [9/1/2006 5:56 PM 226304]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Caprice Light\Application Data\Mozilla\Firefox\Profiles\xgz1l4so.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Caprice Light\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{C71348A8-5D4E-C632-EFC9-16D7636D5BE7} - c:\documents and settings\Caprice Light\Application Data\Tamy\anzu.exe
HKLM-Run-MSWheel - (no file)
HKU-Default-Run-Jguti - c:\windows\spd13sgl.dll
Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 07:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2010-07-11 07:38:09
ComboFix-quarantined-files.txt 2010-07-11 11:38

Pre-Run: 57,772,371,968 bytes free
Post-Run: 57,736,577,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 827CC8C00B330EA29DC2F5C0376DD38E



Let me know what you think...

Thanks,
Marm

#5
hammerman

  • Member
  • 4,183 posts
hi,

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
c:\documents and settings\Default User\Start Menu\Programs\Startup\xeokr.exe

Folder::

Registry::

Driver::

TDL::
C:\WINDOWS\system32\DRIVERS\avipbb.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#6
Marmaduke

  • Topic Starter
  • Member
  • 24 posts
Here you go kind sir...
ComboFix 10-07-10.02 - Caprice Light 07/11/2010 13:18:40.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.560 [GMT -4:00]
Running from: c:\documents and settings\Caprice Light\Desktop\ComboFix.exe
Command switches used :: D:\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\Default User\Start Menu\Programs\Startup\xeokr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Default User\Start Menu\Programs\Startup\xeokr.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-10 21:43 . 2010-07-10 21:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-08 00:32 . 2010-07-08 00:32 -------- d-----w- C:\spoolerlogs
2010-07-08 00:26 . 2010-07-08 00:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-03 19:48 . 2010-07-08 00:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 11:04 . 2010-07-11 11:04 124784 ----a-w- c:\windows\system32\drivers\tsk1.tmp
2010-07-11 10:57 . 2009-08-09 11:13 -------- d-----w- c:\documents and settings\Caprice Light\Application Data\Tamy
2010-07-10 21:52 . 2010-04-09 12:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-10 20:43 . 2008-01-01 00:52 -------- d-----w- c:\documents and settings\Caprice Light\Application Data\Akcop
2010-05-29 11:36 . 2010-05-29 11:36 503808 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cda983a-n\msvcp71.dll
2010-05-29 11:36 . 2010-05-29 11:36 12800 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5635def9-n\decora-d3d.dll
2010-05-29 11:36 . 2010-05-29 11:36 499712 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cda983a-n\jmc.dll
2010-05-29 11:36 . 2010-05-29 11:36 61440 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5635def9-n\decora-sse.dll
2010-05-29 11:36 . 2010-05-29 11:36 348160 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cda983a-n\msvcr71.dll
2010-05-15 14:54 . 2006-09-01 23:33 -------- d-----w- c:\program files\Common Files\Java
2010-05-15 13:48 . 2010-05-15 13:48 503808 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67d20221-n\msvcp71.dll
2010-05-15 13:48 . 2010-05-15 13:48 499712 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67d20221-n\jmc.dll
2010-05-15 13:48 . 2010-05-15 13:48 348160 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67d20221-n\msvcr71.dll
2010-05-15 13:48 . 2010-05-15 13:48 61440 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59c03054-n\decora-sse.dll
2010-05-15 13:48 . 2010-05-15 13:48 12800 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59c03054-n\decora-d3d.dll
2010-05-15 13:48 . 2010-05-15 13:48 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-15 13:47 . 2006-09-01 23:33 -------- d-----w- c:\program files\Java
2010-04-29 19:39 . 2010-04-09 12:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-04-09 12:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2006-03-15 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 106496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-01-01 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\h:\0autocheck autochk /r \??\G:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-08-25 21:21 53248 ----a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2006-06-02 00:55 1077248 ----a-w- c:\program files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-17 01:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-12 08:10 49263 ----a-w- c:\program files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2005-06-13 22:42 258048 ----a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/27/2010 8:52 AM 135336]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [9/1/2006 5:56 PM 226304]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Caprice Light\Application Data\Mozilla\Firefox\Profiles\xgz1l4so.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Caprice Light\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 13:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(3624)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\kmw_run.exe
c:\windows\SoftwareDistribution\Download\60cd82908dbb295dedb9fb0ac86f3dfb\update\update.exe
.
**************************************************************************
.
Completion time: 2010-07-11 13:30:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-11 17:30
ComboFix2.txt 2010-07-11 11:38

Pre-Run: 57,574,211,584 bytes free
Post-Run: 57,515,966,464 bytes free

- - End Of File - - 30C217D9A48CB34A0CC79ACDDD0808E5
  • 0

#7
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Can you repeat the ComboFix step? You saved the script file as D:\CFScript.txt.txt. It should be saved on your desktop as CFScript.txt. Can you try again? Here are the instructions.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

TDL::
C:\WINDOWS\system32\DRIVERS\avipbb.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#8
Marmaduke

    Member

  • Topic Starter
  • Member
  • 24 posts
Please accept my apologies...
I believe this is what you need.

ComboFix 10-07-11.03 - Caprice Light 07/11/2010 19:12:04.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.579 [GMT -4:00]
Running from: c:\documents and settings\Caprice Light\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Caprice Light\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-10 21:43 . 2010-07-10 21:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-08 00:32 . 2010-07-08 00:32 -------- d-----w- C:\spoolerlogs
2010-07-08 00:26 . 2010-07-08 00:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-03 19:48 . 2010-07-08 00:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 11:04 . 2010-07-11 11:04 124784 ----a-w- c:\windows\system32\drivers\tsk1.tmp
2010-07-11 10:57 . 2009-08-09 11:13 -------- d-----w- c:\documents and settings\Caprice Light\Application Data\Tamy
2010-07-10 21:52 . 2010-04-09 12:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-10 20:43 . 2008-01-01 00:52 -------- d-----w- c:\documents and settings\Caprice Light\Application Data\Akcop
2010-05-29 11:36 . 2010-05-29 11:36 503808 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cda983a-n\msvcp71.dll
2010-05-29 11:36 . 2010-05-29 11:36 12800 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5635def9-n\decora-d3d.dll
2010-05-29 11:36 . 2010-05-29 11:36 499712 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cda983a-n\jmc.dll
2010-05-29 11:36 . 2010-05-29 11:36 61440 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5635def9-n\decora-sse.dll
2010-05-29 11:36 . 2010-05-29 11:36 348160 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cda983a-n\msvcr71.dll
2010-05-15 14:54 . 2006-09-01 23:33 -------- d-----w- c:\program files\Common Files\Java
2010-05-15 13:48 . 2010-05-15 13:48 503808 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67d20221-n\msvcp71.dll
2010-05-15 13:48 . 2010-05-15 13:48 499712 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67d20221-n\jmc.dll
2010-05-15 13:48 . 2010-05-15 13:48 348160 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67d20221-n\msvcr71.dll
2010-05-15 13:48 . 2010-05-15 13:48 61440 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59c03054-n\decora-sse.dll
2010-05-15 13:48 . 2010-05-15 13:48 12800 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59c03054-n\decora-d3d.dll
2010-05-15 13:48 . 2010-05-15 13:48 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-15 13:47 . 2006-09-01 23:33 -------- d-----w- c:\program files\Java
2010-04-29 19:39 . 2010-04-09 12:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-04-09 12:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2006-03-15 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 106496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-01-01 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\h:\0autocheck autochk /r \??\G:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-08-25 21:21 53248 ----a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2006-06-02 00:55 1077248 ----a-w- c:\program files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-17 01:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-12 08:10 49263 ----a-w- c:\program files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2005-06-13 22:42 258048 ----a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/27/2010 8:52 AM 135336]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [9/1/2006 5:56 PM 226304]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Caprice Light\Application Data\Mozilla\Firefox\Profiles\xgz1l4so.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Caprice Light\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 19:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(2204)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\kmw_run.exe
.
**************************************************************************
.
Completion time: 2010-07-11 19:23:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-11 23:23
ComboFix2.txt 2010-07-11 17:30
ComboFix3.txt 2010-07-11 11:38

Pre-Run: 57,561,923,584 bytes free
Post-Run: 57,554,141,184 bytes free

- - End Of File - - 641937F49C795CF13A2B3DD9E9CAEB95
  • 0
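The Sigcheck block in the ComboFix log above lists several copies of atapi.sys, each with its date, MD5, size, file version and path. As an added example, not part of this thread and not code from ComboFix, here is a small Python parser for that section that pairs the live copy under system32 with the reference copy under ServicePackFiles and reports the files whose two hashes differ. The line format is taken from the log as posted; the rule for classifying paths as "reference" or "live" is my own heuristic, and the two example.sys lines with an all-zero hash are constructed to show the matching case.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the four atapi.sys lines are copied from the ComboFix log
# in this thread; the two example.sys lines (all-zero hash) are made up to show
# a driver whose live copy matches its reference copy.
SAMPLE_SIGCHECK = r"""
------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2006-03-15 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[7] 2008-04-13 . 00000000000000000000000000000000 . 4096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\example.sys
[7] 2008-04-13 . 00000000000000000000000000000000 . 4096 . . [5.1.2600.5512] . . c:\windows\system32\drivers\example.sys
.
"""

# One Sigcheck line: "[flag] date . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Path fragments that mark backup/cache copies rather than the running file
# (heuristic, my assumption; extend for other Windows layouts as needed).
BACKUP_MARKERS = ("servicepackfiles", "reinstallbackups", "dllcache", "$ntservicepackuninstall$")


@dataclass(frozen=True)
class SigEntry:
    flag: str       # bracketed marker exactly as ComboFix prints it, carried through unchanged
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_sigcheck(text: str) -> List[SigEntry]:
    """Return one SigEntry per line that matches the Sigcheck layout; other lines are skipped."""
    entries: List[SigEntry] = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        entries.append(SigEntry(flag=m["flag"], date=m["date"], md5=m["md5"].upper(),
                                size=int(m["size"]), version=m["version"], path=m["path"]))
    return entries


def is_reference(e: SigEntry) -> bool:
    """The service-pack copy is the known-good baseline for comparison."""
    return "\\servicepackfiles\\i386\\" in e.path.lower()


def is_live(e: SigEntry) -> bool:
    """The copy under system32 (but not a backup folder) is the one Windows actually loads."""
    p = e.path.lower()
    return "\\system32\\" in p and not any(marker in p for marker in BACKUP_MARKERS)


@dataclass(frozen=True)
class Pair:
    name: str
    live: SigEntry
    reference: SigEntry

    @property
    def differs(self) -> bool:
        return self.live.md5 != self.reference.md5


def pair_live_with_reference(entries: List[SigEntry]) -> Dict[str, Pair]:
    """Group entries by file name and pair each live copy with its reference copy, if both exist."""
    by_name: Dict[str, List[SigEntry]] = {}
    for e in entries:
        by_name.setdefault(e.name, []).append(e)
    pairs: Dict[str, Pair] = {}
    for name, group in by_name.items():
        ref: Optional[SigEntry] = next((e for e in group if is_reference(e)), None)
        live: Optional[SigEntry] = next((e for e in group if is_live(e)), None)
        if ref is not None and live is not None:
            pairs[name] = Pair(name, live, ref)
    return pairs


def mismatches(text: str) -> List[str]:
    """Names of files whose live copy hashes differently from the reference copy."""
    return sorted(n for n, p in pair_live_with_reference(parse_sigcheck(text)).items() if p.differs)


def report(text: str) -> List[str]:
    """Human-readable lines describing each mismatch, for pasting into a reply."""
    lines = []
    for name, p in sorted(pair_live_with_reference(parse_sigcheck(text)).items()):
        if p.differs:
            lines.append(f"{name}: live {p.live.version} md5={p.live.md5} size={p.live.size} "
                         f"at {p.live.path} differs from reference {p.reference.version} "
                         f"md5={p.reference.md5} size={p.reference.size}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_SIGCHECK):
        print(line)
```

A reported difference is a prompt to look at the file, not a verdict on its own: the check only says that the copy Windows loads does not hash the same as the service-pack copy. On the log above it surfaces exactly the pairing a reader would spot by eye, the running atapi.sys at version 5.1.2600.2180 against the 5.1.2600.5512 reference, while skipping the ReinstallBackups copies that are not loaded.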

#9
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

No need to apologise. You're doing a good job :)
Please follow these steps.

-- Step 1 --

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\tsk1.tmp


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

-- Step 2 --

Run Malwarebytes' Anti-Malware.
  • Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
  • Select the Scanner tab, select "Perform Quick Scan", then click Scan
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 3 --

Please run a fresh GMER scan and post the log.
  • 0

#10
Marmaduke

    Member

  • Topic Starter
  • Member
  • 24 posts
Ok, here is the first log...

ComboFix 10-07-11.03 - Caprice Light 07/12/2010 6:24.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.542 [GMT -4:00]
Running from: c:\documents and settings\Caprice Light\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Caprice Light\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\drivers\tsk1.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\tsk1.tmp

Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\kernel32.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-12 to 2010-07-12 )))))))))))))))))))))))))))))))
.

2010-07-10 21:43 . 2010-07-10 21:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-08 00:32 . 2010-07-08 00:32 -------- d-----w- C:\spoolerlogs
2010-07-08 00:26 . 2010-07-08 00:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-03 19:48 . 2010-07-08 00:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 10:57 . 2009-08-09 11:13 -------- d-----w- c:\documents and settings\Caprice Light\Application Data\Tamy
2010-07-10 21:52 . 2010-04-09 12:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-10 20:43 . 2008-01-01 00:52 -------- d-----w- c:\documents and settings\Caprice Light\Application Data\Akcop
2010-05-29 11:36 . 2010-05-29 11:36 503808 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cda983a-n\msvcp71.dll
2010-05-29 11:36 . 2010-05-29 11:36 12800 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5635def9-n\decora-d3d.dll
2010-05-29 11:36 . 2010-05-29 11:36 499712 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cda983a-n\jmc.dll
2010-05-29 11:36 . 2010-05-29 11:36 61440 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5635def9-n\decora-sse.dll
2010-05-29 11:36 . 2010-05-29 11:36 348160 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5cda983a-n\msvcr71.dll
2010-05-15 14:54 . 2006-09-01 23:33 -------- d-----w- c:\program files\Common Files\Java
2010-05-15 13:48 . 2010-05-15 13:48 503808 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67d20221-n\msvcp71.dll
2010-05-15 13:48 . 2010-05-15 13:48 499712 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67d20221-n\jmc.dll
2010-05-15 13:48 . 2010-05-15 13:48 348160 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-67d20221-n\msvcr71.dll
2010-05-15 13:48 . 2010-05-15 13:48 61440 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59c03054-n\decora-sse.dll
2010-05-15 13:48 . 2010-05-15 13:48 12800 ----a-w- c:\documents and settings\Caprice Light\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-59c03054-n\decora-d3d.dll
2010-05-15 13:48 . 2010-05-15 13:48 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-15 13:47 . 2006-09-01 23:33 -------- d-----w- c:\program files\Java
2010-05-04 17:20 . 2006-09-01 21:55 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2006-09-01 21:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2006-09-01 21:55 17408 ----a-w- c:\windows\system32\corpol.dll
2010-04-29 19:39 . 2010-04-09 12:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-04-09 12:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2006-03-15 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 106496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-01-01 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\h:\0autocheck autochk /r \??\G:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-08-25 21:21 53248 ----a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2006-06-02 00:55 1077248 ----a-w- c:\program files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-17 01:04 2879488 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-10-12 08:10 49263 ----a-w- c:\program files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2005-06-13 22:42 258048 ----a-w- c:\program files\Sony\VAIO Survey\SurveySA.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/27/2010 8:52 AM 135336]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [9/1/2006 5:56 PM 226304]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Caprice Light\Application Data\Mozilla\Firefox\Profiles\xgz1l4so.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Caprice Light\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 06:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\kmw_run.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-12 06:38:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-12 10:38
ComboFix2.txt 2010-07-11 23:23
ComboFix3.txt 2010-07-11 17:30
ComboFix4.txt 2010-07-11 11:38

Pre-Run: 57,514,192,896 bytes free
Post-Run: 57,397,346,304 bytes free

- - End Of File - - 07A1446D906C91EC443E38C9DBC1BE2F

And the MBAM Log...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4304

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/12/2010 7:02:05 AM
mbam-log-2010-07-12 (07-02-05).txt

Scan type: Quick scan
Objects scanned: 135634
Time elapsed: 9 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#11 hammerman (Member, 4,183 posts)
Any luck with the GMER scan (step 3)?

#12 Marmaduke (Topic Starter, 24 posts)
OOPS!
I am sorry, I missed that one. At work now and will get that to you as soon as I get home!

My apologies.

Marm

#13 Marmaduke (Topic Starter, 24 posts)
Ok, here goes.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-12 20:10:02
Windows 5.1.2600 Service Pack 3
Running: l22econj.exe; Driver: C:\DOCUME~1\CAPRIC~1\LOCALS~1\Temp\pxldqpob.sys


---- System - GMER 1.0.15 ----

SSDT F7C9DDB6 ZwCreateKey
SSDT F7C9DDAC ZwCreateThread
SSDT F7C9DDBB ZwDeleteKey
SSDT F7C9DDC5 ZwDeleteValueKey
SSDT F7C9DDCA ZwLoadKey
SSDT F7C9DD98 ZwOpenProcess
SSDT F7C9DD9D ZwOpenThread
SSDT F7C9DDD4 ZwReplaceKey
SSDT F7C9DDCF ZwRestoreKey
SSDT F7C9DDC0 ZwSetValueKey

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
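Two parts of the logs in this thread reward a second look when triaging a machine like this one: the Sigcheck block in the ComboFix log (post #10), which lists every copy of a system file with its MD5 and version, and the SSDT listing in the GMER log just above, which shows which kernel service entries are hooked and where they point. Below is an added triage helper written for this page; it is not part of the thread and not code from ComboFix or GMER. It parses both formats from samples copied verbatim from the two logs, flags a live driver whose version is below the copy Windows keeps under ServicePackFiles (cross-referencing the MD5 against every other copy listed), and clusters the SSDT hook addresses to show whether they come from one contiguous range or are scattered. The function names, the `LIVE_DIRS` set and the 0x1000 clustering gap are my own choices; the bracketed ComboFix marker (`[7]`, `[-]`) is kept as a string and not interpreted.

```python
"""Triage helpers for two log formats seen in this thread: the ComboFix
"Sigcheck" block and GMER's "SSDT" hook listing.  Added example for this
page; not ComboFix or GMER code.  Samples below are copied from the logs
posted above."""
import re
from collections import defaultdict

# Constructed sample: the Sigcheck lines from the ComboFix log in post #10.
SIGCHECK_SAMPLE = r"""
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2006-03-15 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
"""

# Constructed sample: the SSDT lines from the GMER log in post #13.
SSDT_SAMPLE = """
SSDT F7C9DDB6 ZwCreateKey
SSDT F7C9DDAC ZwCreateThread
SSDT F7C9DDBB ZwDeleteKey
SSDT F7C9DDC5 ZwDeleteValueKey
SSDT F7C9DDCA ZwLoadKey
SSDT F7C9DD98 ZwOpenProcess
SSDT F7C9DD9D ZwOpenThread
SSDT F7C9DDD4 ZwReplaceKey
SSDT F7C9DDCF ZwRestoreKey
SSDT F7C9DDC0 ZwSetValueKey
"""

SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[\d.]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$")
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>\w+)\s*$")

# Directories holding the copies Windows actually loads (my assumption for
# this example; the ReinstallBackups and ServicePackFiles trees are not live).
LIVE_DIRS = {r"c:\windows\system32", r"c:\windows\system32\drivers"}


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; the leading [..] marker is kept
    verbatim as ComboFix's own verdict and is not interpreted here."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["md5"] = e["md5"].upper()
        e["size"] = int(e["size"])
        e["dir"], e["name"] = (p.lower() for p in e["path"].rsplit("\\", 1))
        entries.append(e)
    return entries


def version_key(v):
    return tuple(int(p) for p in v.split("."))


def find_stale_live_copies(entries):
    """Flag a live file whose version is below the newest ServicePackFiles
    copy of the same name.  On an SP3 box, system32\\drivers should carry the
    SP3 build; an older build means the file was restored from somewhere else
    or replaced, and the MD5 cross-reference says which."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    findings = []
    for group in by_name.values():
        sp = [e for e in group if "\\servicepackfiles\\" in e["dir"]]
        live = [e for e in group if e["dir"] in LIVE_DIRS]
        if not sp or not live:
            continue
        newest = max(sp, key=lambda e: version_key(e["version"]))
        for e in live:
            if version_key(e["version"]) < version_key(newest["version"]):
                findings.append({
                    "file": e["path"],
                    "live_version": e["version"],
                    "live_md5": e["md5"],
                    "servicepack_version": newest["version"],
                    "servicepack_md5": newest["md5"],
                    # other copies with the identical hash, e.g. vendor backups
                    "same_hash_at": [o["path"] for o in entries
                                     if o["md5"] == e["md5"] and o is not e],
                })
    return findings


def parse_ssdt(text):
    """Return (address, function) pairs from GMER 'SSDT <addr> <Zw...>' lines."""
    return [(int(m.group("addr"), 16), m.group("func"))
            for m in (SSDT_RE.match(l.strip()) for l in text.splitlines()) if m]


def cluster_hooks(hooks, gap=0x1000):
    """Group hook targets that lie within `gap` bytes of the previous one
    (gap is my choice).  One tight cluster is what a single hooking driver
    produces; hooks scattered over unrelated ranges mean more than one module
    sits in the SSDT and each needs identifying."""
    clusters = []
    for addr, func in sorted(hooks):
        if clusters and addr - clusters[-1][-1][0] <= gap:
            clusters[-1].append((addr, func))
        else:
            clusters.append([(addr, func)])
    return clusters


if __name__ == "__main__":
    for f in find_stale_live_copies(parse_sigcheck(SIGCHECK_SAMPLE)):
        print("stale live copy:", f["file"], f["live_version"], "<", f["servicepack_version"])
        print("  same MD5 at:", *f["same_hash_at"], sep="\n  ")
    for c in cluster_hooks(parse_ssdt(SSDT_SAMPLE)):
        print("hook cluster %08X-%08X, %d functions" % (c[0][0], c[-1][0], len(c)))
```

On the two logs above this reports atapi.sys in system32\drivers at 5.1.2600.2180 against 5.1.2600.5512 under ServicePackFiles, with the same MD5 as the two Sony ReinstallBackups copies: that reads as "older than SP3, restored from a vendor backup", not "unknown file", and if it ever needed correcting the remedy is the same kind of restore ComboFix performed for kernel32.dll earlier in the log. The ten GMER hooks all land in one 60-byte range, which is consistent with a single hooking driver rather than several; identifying which driver owns that range still needs a check against the loaded-module list, which this script does not do.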

#14 hammerman (Member, 4,183 posts)
Hi,

Looks better. How's your computer running now?

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    c:\documents and settings\Caprice Light\Application Data\Tamy
    c:\documents and settings\Caprice Light\Application Data\Akcop
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.
-- Step 2 --

You have some old Java versions installed. Could you uninstall these using Add or Remove Programs?

J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9


-- Step 3 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You may be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Settings
  • In the scan settings, select the following:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan spyware, adware, diallers and other riskware
    Scan Archives
    Scan E-mail databases
  • Click Save
  • Now under Scan, select My Computer
  • This will start the scanning of your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on View Report and then Save Report
  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.


#15 Marmaduke (Topic Starter, 24 posts)
Ok here is the log from OTL...

All processes killed
========== FILES ==========
c:\documents and settings\Caprice Light\Application Data\Tamy folder moved successfully.
c:\documents and settings\Caprice Light\Application Data\Akcop folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Caprice Light
->Temp folder emptied: 76870 bytes
->Temporary Internet Files folder emptied: 143310 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2971954 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2904832 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 40767346 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Caprice Light




However, when I tried to run Kaspersky it downloaded everything then gave me an error message:

Update has failed. Program has failed to start. {Error: Key is expired}